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Abstract 


The S/MIME development community benefits from sharing samples of signed or encrypted data. 
This document facilitates such collaboration by defining a small set of X.509v3 certificates and 
keys for use when generating such samples. 


Status of This Memo 


This document is not an Internet Standards Track specification; it is published for informational 
purposes. 


This document is a product of the Internet Engineering Task Force (IETF). It represents the 
consensus of the IETF community. It has received public review and has been approved for 
publication by the Internet Engineering Steering Group (IESG). Not all documents approved by 
the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841. 


Information about the current status of this document, any errata, and howto provide feedback 
on it may be obtained at https://www.rfc-editor.org/info/rfc9216. 


Copyright Notice 


Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights 
reserved. 


This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF 
Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this 
document. Please review these documents carefully, as they describe your rights and restrictions 
with respect to this document. Code Components extracted from this document must include 
Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are 
provided without warranty as described in the Revised BSD License. 
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1. Introduction 


The S/MIME ([RFC8551]) development community, in particular the email development 
community, benefits from sharing samples of signed and/or encrypted data. Often, the exact key 
material used does not matter because the properties being tested pertain to implementation 
correctness, completeness, or interoperability of the overall system. However, without access to 
the relevant secret key material, a sample is useless. 
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This document defines a small set of X.509v3 certificates ([RFC5280]) and secret keys for use when 
generating or operating on such samples. 


An example RSA Certification Authority is supplied, and sample RSA certificates are provided for 
two "personas", Alice and Bob. 


Additionally, an Ed25519 ([RFC8032]) Certification Authority is supplied, along with sample 
Ed25519 certificates for two more "personas", Carlos and Dana. 


This document focuses narrowly on functional, well-formed identity and key material. It is a 
starting point that other documents can use to develop sample signed or encrypted messages, test 
vectors, or other artifacts for improved interoperability. 


1.1. Terminology 


"Certification Authority" (or "CA"): a party capable of issuing X.509 certificates 


"End Entity" (or "EE": a party that is capable of using X.509 certificates (and their corresponding 
secret key material) 


"Mail User Agent" (or "MUA"): a program that generates or handles email messages ([RFC5322]) 


1.2. Prior Work 


[RFC4134] contains some sample certificates as well as messages of various S/MIME formats. That 
older work has unacceptably old algorithm choices that may introduce failures when testing 
modern systems: in 2019, some tools explicitly marked 1024-bit RSA and 1024-bit DSS as weak. 


This earlier document also does not use the now widely accepted Privacy-Enhanced Mail (PEM) 
encoding (see [RFC7468]) for the objects and instead embeds runnable Perl code to extract them 
from the document. 


It also includes examples of messages and other structures that are greater in ambition than this 
document intends to be. 


[RFC8410] includes an example X25519 certificate that is certified with Ed25519, but it appears to 
be self issued, and it is not directly useful in testing an S/MIME-capable MUA. 


2. Background 


2.1. Certificate Usage 


These X.509 certificates ([RFC5280]) are designed for use with S/MIME protections ([RFC8551]) for 
email ([RFC5322]). 


In particular, they should be usable with signed and encrypted messages as part of test suites and 
interoperability frameworks. 
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All end-entity and intermediate CA certificates are marked with Certificate Policies from [TEST- 
POLICY] indicating that they are intended only for use in testing environments. End-entity 
certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and intermediate CAs are marked with 
policy 2.16.840.1.101.3.2.1.48.2. 


2.2. Certificate Expiration 


The certificates included in this document expire in 2052. This should be sufficiently far in the 
future that they will be useful for a few decades. However, when testing tools in the far future (or 
when playing with clock-skew scenarios), care should be taken to consider the certificate validity 
window. 


Due to this lengthy expiration window, these certificates will not be particularly useful to test or 
evaluate the interaction between certificate expiration and protected messages. 


2.3. Certificate Revocation 


Because these are expected to be used in test suites or examples, and we do not expect there to be 
online network services in these use cases, we do not expect these certificates to produce any 
revocation artifacts. 


As a result, none of the certificates include either an Online Certificate Status Protocol (OCSP) 
indicator (see id-ad-ocsp as defined in the Authority Information Access X.509 extension in 
Section 4.2.2.1 of [RFC5280]) or a Certificate Revocation List (CRL) indicator (see the CRL 
Distribution Points X.509 extension as defined in Section 4.2.1.13 of [RFC5280]). 


2.4. Using the CA in Test Suites 


To use these end-entity certificates in a piece of software (for example, in a test suite or an 
interoperability matrix), most tools will need to accept either the example RSA CA (Section 3) or 
the example Ed25519 CA (Section 6) as a legitimate root authority. 


Note that some tooling behaves differently for certificates validated by "locally installed root CAs" 
than for pre-installed "system-level" root CAs). For example, many common implementations of 
HTTP Public Key Pinning (HPKP) ([RFC7469]) only applied the designed protections when dealing 
with a certificate issued by a pre-installed "system-level" root CA and were disabled when dealing 
with a certificate issued by a "locally installed root CA". 


To test some tooling specifically, it may be necessary to install the root CA as a "system-level" root 
CA. 


2.5. Certificate Chains 


In most real-world examples, X.509 certificates are deployed with a chain of more than one X.509 
certificate. In particular, there is typically a long-lived root CA that users' software knows about 
upon installation, and the end-entity certificate is issued by an intermediate CA, which is in turn 
issued by the root CA. 
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The example end-entity certificates in this document can be used either with a simple two-link 
certificate chain (they are directly certified by their corresponding root CA) or in a three-link 
chain. 


For example, Alice's encryption certificate (alice.encrypt.crt; see Section 4.3) can be 
validated by a peer that directly trusts the example RSA CA's root cert (ca. rsa.crt; see Section 
3.1): 


alice.encrypt.crt 


Figure 1: Validating Alice's encryption certificate directly when the issuing CA is a trust anchor 


And it can also be validated by a peer that only directly trusts the example Ed25519 CA's root cert 
(ca.25519.crt; see Section 6.1) via an intermediate cross-signed CA cert (ca. rsa.cross.crt; 
see Section 3.3): 


ca.25519.crt alice.encrypt.crt 


Figure 2: Validating Alice's cert from a different trust anchor via an intermediate cross-signed CA 
certificate 


By omitting the cross-signed CA certs, it should be possible to test a "transvalid" certificate (an 
end-entity certificate that is supplied without its intermediate certificate) in some configurations. 


2.6. Passwords 


Each secret key presented in this document is represented as a PEM-encoded PKCS #8 ([RFC5958]) 
object in cleartext form (it has no password). 


As such, the secret key objects are not suitable for verifying interoperable password protection 
schemes. 


However, the PKCS #12 ([RFC7292]) objects do have simple textual passwords, because tooling for 
dealing with passwordless PKCS #12 objects is underdeveloped at the time of this document. 
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2.7. Secret Key Origins 


The secret RSA keys in this document are all deterministically derived using provable prime 
generation as found in [FIPS186-4] based on known seeds derived via SHA-256 ([SHA]) from 
simple strings. The validation parameters for these derivations are stored in the objects 
themselves as specified in [RFC8479]. 


The secret Ed25519 and X25519 keys in this document are all derived by hashing a simple string. 
The seeds and their derivation are included in the document for informational purposes and to 
allow recreation of the objects from appropriate tooling. 


All RSA seeds used are 224 bits long (the first 224 bits of the SHA-256 digest of the origin string) and 
are represented in hexadecimal. 


3. Example RSA Certification Authority 


The example RSA Certification Authority has the following information: 


Name: Sample LAMPS RSA Certification Authority 


3.1. RSA Certification Authority Root Certificate 
This certificate is used to verify certificates issued by the example RSA Certification Authority. 


Fn BEGIN CERTIFICATE----- 
MIIDezCCAmOgAwIBAgITcBnOxb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9wOBAQOF 
ADBVMQOwCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 
U2FtcGx1lIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFwOxOTEx 
MjAwNjUOMThaGA8yMDUyMDkyNzA2NTQxOFowVTENMASGA1UEChMESUVUR j ERMA8G 
ATUECXxMITEFNUFMgVOcxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSUOEgQ2VydG1m 
aWNhdGlvbiBBdXRob3 JpdHkwggEiMAOGCSqGSIb3DQEBAQUAAA4IBDwAWggEKAOIB 
AQC2GGPTEFVNdi0LsiQ79A0Mz2G*LRJ1bX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr 
OP3rDCB2SYfBPVwd@CdC6z9qf JkcVxDc1hK*VS9vKncLOIPUYlkJwWuMpXal1Ielz 
*zCuV*gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi 
IHpSKMbkoX1M1837WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNH1mM 
yhBzClmgkyozRSeSrkxq9XeJKU941WGaZOzb4karCur /eiMoCk3YNV8L3styvcMG 
1qUDCAaKx6FZEf7hE9RN6L3bAgMBAAGjQjBAMA8GA1UdEWEB / wQFMAMBAf 8wDgYD 
VROGPAQH/BAQDAgEGMB0GA1UdDgQWBBSRMIS58BxcMp/EJKGU2GmccaHbOWTANBgkq 
hkiG9wOBAQOFAAOCAQEACDXW1JG j zKadNMPcF1ZInZC*Hl7RLrcBDR25jMCXg9yL 
IwGVECNp2fHA4-YHTRTGLH81aPADMdUGHgpfcfqwjesavt/mO0TO0S0L j JORVm93fE 
heSNUHUigVR9njTVw2EBz7e2p*v3tOsMnunvm6PIDgHxx0W6mjzMX71G74bJfo-*v 
dx+jl/aXt+iih5pi7/2Yu9eTDVut+S52wsnF 89BEJeVOr+EmGDxUv47D+5KuQpKM9 
U/isXpwC6K/36T8RhhdOQXDq0Mt91TZA4dJTTOm3cmo80zzcxsKMDStZHOOzCBtBq 
ulbwWw50a720/Iwg9v+WOWkSBCWEadf /uK+cRicxrQ== 

= = = END CERTIFICATE----- 
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3.2. RSA Certification Authority Secret Key 


This secret key material is used by the example RSA Certification Authority to issue new 
certificates. 


mic BEGIN PRIVATE KEY----- 
MIIE-wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2GGPTEFVNdiOL 
SiQ79A0Mz2G-*LRJ1bX2vNo8STibAnyQ9VzFrGJHjUhRX/OmrOP3rDCB2SYfBPVwd 
@CdC6z9qf JkcVxDc1hK*VS9vKncLOIPUYIkJwWuMpXa1Ielz-*zCuV-*gjV83Uvn6w 
Tn39MCmymu7nFPzihcuOnbMYOCdMmUbi'1Dm8TX9P6itFR3hilHpSKMbkoX1M1837 
WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHImMyhBzClmgkyozRSeS 
rkxq9XeJKU941WGaZO0zb4karCur/eiMoCk3YNV8L3styvcMG1qUDCAaKx6FZEf7h 
E9RN6L3bAgMBAAECggEAE3tFhsm7DpgD1ro-*1Sk1kjbHssRA4sOBHbAzrPp6c18PO 
6T8gWuBcj1DzOzykNTzaMaDxAia4vuxVJB1mberkNHzTFqyb8bx3ceSEOCT3aoyq 
5fiFpROeL6Balvgg8RTvNCAIApHNa4pVk0XD8Wq-*h7ml1UAOYGbie5U08/P2qWjcOz 
*zcheyYXJS/iuu0t2/F0ihEWGcXBmoc8D-*-*n7mKst2 j KAHD4w1PN2MgVqnmagpBz 
gobFNmCZyZpDS+PPTtQZ1XvdGF5Sodc+Fz+jpWunlkqxDHE4UIZzDA/HAaBgORbm 
aEZaVsOs9ZExeqOtqu2fPB7zF/1JKdRk4UJOUxS00QKBgQDJwonP5RwvOOsYoCiw 
zuFcYTmN/hI3R3viKuxr19CH6-4mvuIU850o0IHF6TiouZwhk*6-*Vk7rcXdS554DTA4 
2RbVrX/5i/MOzx8c81llIwoZJIasLz*vx8FA4n6hyhV65bXN7AIBojMh2dt8tP2MZ/R 
VEfskAmNmO6yKuzyAf jJziCnCOKBgODnDH9UYUIPkqOPSvViKQFJFCB9BJPFhld2 
pIgoziw/JZzM3W31WUOKWG7UXxSOT3xmn31IX6xmWWA4vX1/088ybObZWYPOedb61GM 
I9DoI5igndLgDwyOL2PFuZh5pqqc09DE-*cpJW4nNoudqTNmCr jhmxNCGKgG j 1D8z 
/OkSccvywwKBgDd0ReajRUziEjDxjF2UbzKx8lzJsXAKIs22GIdHqSRCvlcy80Qa 
5WN3ULNiyB350HCP69wDFMXYym5rJoQjPvh6GIuhYKvAV8fffxkYv5kx5uWiXZVJ 
7v2x*m8rMqlyv*pkyWLV8KKytHmdiBzD-*oTWxF7r4ueLjtaxngzxn93pAoGBAKpR 
rR9PnroKHubSE/drUNZFLvnZwPDv6108T978tONL372pUT9KjR8eN31DaMpoQOpc 
BqvpSoQjBLt1nDysV2krIORwMIOzAWCOE9C8RMvJ6-RdU50Q1BSy jvLGaKi5AAHk 
PTKk8cGYVO1BCHG1X8p3XYfw0xQaHxtuVCV8eYgCvAoGBAIZeiVhcOYTJOjUadz*0 
vSOzAlarg5k2YCPCGf7z*ijM5rbMk7jrYixD6WMj TOkVLHDsVxMBpbA7GhL7TKy5 
cepBH1PVwxEIl18dqN-*UoeJeBpnHo/cj JOiCR9/aMJzI-*qiUo3OMDR-*UH99NIddKN 
i75GRVLAeWOIzgtO09EMEiD9joDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAF1AwQC 
AgQcpcG3hHYU7WYaawUiNRQotLfwnYzMotmTAt1i6Q-- 

IUS END PRIVATE KEY----- 


This secret key was generated using provable prime generation found in [FIPS186-4] using the 
seed a5c1b7847614ed661a6b0522351428b4b7f09d8ccca2d99302dd62e9. This seed is the first 
224 bits of the SHA-256 ([SHA]) digest of the string draft-lamps-sample-certs- 
keygen.ca.rsa.seed 


3.3. RSA Certification Authority Cross-Signed Certificate 


If an email client only trusts the Ed25519 Certification Authority Root Certificate found in Section 
6.1, they can use this intermediate CA certificate to verify any end-entity certificate issued by the 
example RSA Certification Authority. 
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Somos BEGIN CERTIFICATE----- 
MIIC5zCCApmgAwIBAgITcTQOnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG 
A1UEChMESUVURj ERMA8GA1UECXMITEFNUFMgV@cxNTAZBgNVBAMTLFNhbXBsZSBM 
QU1QUyBFZDIT1NTESIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIWMTIXxNTIx 
MzUONFoYDzIWwNTIwOTI3MDY1NDEA4WjBVMQOwCwYDVQQKEWRJRVRGMREwDwYDVQQL 
EwhMQU1QUyBXRZEXMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ@aWZpY2F@ 
aWO9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL Y Y 
Y9MQVU12LQuyJDvODQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4 /esM 
IHZJh8bE9XB3QJOLrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X 
6CNXzdS-*frBOffOwKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0 /qK0VHeGIgello 
xuSheUzXzftZoV/HnuQEigi42MoTI8i4r3AZQB6mlzlAAcmD3k88QcO0eWYzKEHMK 
WaCTKjNFJ5KuTGr1dAkpT3iVYZpnTNviRqsK6v96IygKTdgiXwvey3K9wwbWpQMI 
BorHoVkR/uET1E30ovdsCAWwEAAaN8MHowDwYDVROTAOH/BAUWAWEB /ZAXBgNVHSAE 
EDAOMAwGCmCGSAF1AwIBMAIwDgYDVROPAQH/BAQDAgEGMB0GA1UdDgQWBBSRMIS58 
BxcMp/EJKGU2GmccaHbOWTAfBgNVHSMEGDAWgBRropV9uhSb5COEOQek0YLkLmuM 
tTAFBgMrZXADQQBnQ-*0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX 
FFJBGyc3NWz1lxxyfJLsh@yYh@4dxdM8R5hcD 

Soa END CERTIFICATE----- 


4. Alice's Sample Certificates 


Alice has the following information: 


Name: Alice Lovelace 


Email Address: alice@smime.example 


4.1. Alice's Signature Verification End-Entity Certificate 


This certificate is used for verification of signatures made by Alice. 
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Soot BEGIN CERTIFICATE----- 
MIIDzzCCAregAwIBAgITN@EFee11f@Kpolw69Phqzpqp1zANBgkqhkiG9w@BAQ@F 
ADBVMQOwCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU 1QUyBXRzEXxMC8GA1UEAxMo 
U2FtcGx1lIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFwOxOTEx 
MjAwNjUOMThaGA8yMDUyMDKyNzA2NTQxOFowOzENMAsGA 1UEChMESUVUR j ERMA8G 
A1UECXMITEFNUFMgV@cxFZAVBgNVBAMTDkFsaWN1LIExvdmVsYWNIMIIBIjANBgkq 
hkiG9wOBAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0j TkfCvATfA/ 
pdO/KLpZbJOAEr0sI7Aja07B1GuMUFJeSTulamNfCwDcDkY63PQWI-*DILs7GxVwX 
urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfst+E7QMFtmd+K04s+A8TCNO12DRVB 
DpbP4JFD9hsc8prDtpGmFk7rd@q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w 
ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3 /Y@pG7QFecN78361PPdfTMSiPR+peC 
rhJZwLSewbWXLJe3VMvbvQjoBMpEY laJBUIKk01zQ1Pq9@nj 1sJLOWIDAQABo4Gv 
MIGsMAwGA1UdEwEB /wQCMAAwFwYDVROgBBAwD j AMBgpghkgBZQMCATABMB4GA1Ud 
EQQXMBWBE2F saWNI1OHNtaW11LmVA4YW1wbGUwEwYDVROlBAwwCgYIKwYBBQUHAWQW 
DgYDVROPAQH/BAQDAgbAMBOGA1UdDgQWBBS79syyLROGEhyXrilqkBDTIGZmczAf 
BgNVHSMEGDAWgBSRMIS8BxcMp/EJKGU2GmccaHbOWTANBgkqhkiG9wOBAQOFAAOC 
AQEAcAmiNqfOqaBpI3f-*CpJDhxtuZ2P9HjQEQ-*v6BdP7GKJ19naIs3BjJOd64roA 
KHAp-*c284VvyVXWJ99FMX8q2ZUQMxH-*xh60Afzcozmnd6XaVWHg4eHIjSo27PmhK 
E10AJKKhDbdbEcZXL2+x1V+duGymWtaD@1DZZukKYr7agyHahiXRn/C9cy31wbqN 
sy9x0f jPQg6+DqatiQpMz9EITae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F 
hd06zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16 jMhwFXLJtBiN+uCDgNG/D@ 
qyTbY4fgKieUHx/tHuzUszZxJg-- 

ST END CERTIFICATE----- 


4.2. Alice's Signing Private Key Material 


This private key material is used by Alice to create signatures. 
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= BEGIN PRIVATE KEY----- 
MIIE-*gIBADANBgkqhkiG9wO0BAQEFAASCBKcwggS jAgEAAoIBAQCO9InoWDgWPk2a 
f0+StijSNOR8K/hN8D+10780ul1sk4ASvSwj sCNo7sHUa4xQU15J06VqY18LANWO 
Rjrc9BaX4MguzsbFXBe6uFh1mVpXmF xSpUByQ+95OMFz/evPgP96wV+Z4T tAWwW2Z 
34rTiz4DxMI@7XYNFUEO1s/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4 
xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWF f iOucfCn-*IQsaqpo1d3f9jSkbtAV5w3 
vzfog8919MxKI9H614KuElnAtJ7BtZcs17dUy9u9COgEykRiVokFQgqQ7XNDU-* r3 
SeOWwks7AgMBAAECggEAFKD2DG9A1u77q3u3p2WDH3zueTtiqgaT8u8XO-* jhOI/- 
HzoX9eo8DIJ/b/G3brwHyfh17JFvLH1zbgsnb5bghJTz3r*JcZZ513srqMV8t8zjI 
JEHOKC3szH8gYVKWrIgBAqOt1H9Ti8J20Kk2aymqBFr3ZXpBUCTWpEz2s3FMBUUI 
qCEsAJqsdEch*kt43X5kvAom7LC1DHiEG6RKfhMEub/LGNHSwY4dmzhaG6p95F J1h 
S8HoURI2ReVpsTadaKd3KoYNc11lcffmwdZs/hFs7xmmwXKMmlonh1mzHqD1 /BqeJ 
Hc8MP4ueDdyVgIe/uVtlQ9NcRQbuokkDyDYMYV6hzQKBgQD75ahYGFGZznRKtSE3 
w/2rUqTYIWxx2PQz5658PcsTZM89Hj4aZOoL mudHbr TQH1uRNCHOXEI62rs0cVPs 
D7I1ZOLfs+SSTeNEXxD57mj yyuf pV650cNc1mSJAmMX2 jWQ8ndnOuWPcc5J6fNvT 
au0a7ZBOaeKHnA8XXL3GYilM9QKBgQC35xKi7f2JmGtsYY21tfRuDUme6E j hMW6b7 
GWnI9IXF8TGj15s70DEYvqSPTJdB6PAb/tZwdb j 9mB4qj 176x1kB/N7G097408UP 
/PdHkU7duyf5nRqimriI+yGFHVsGD313rct+takYdKcC207e61IRMST1ZFoznC6qNgpi 
nNTuDzAZbwKBgA5Dd9/dKKm77gvY690bjn6oBFuUsO5VaaaS1csFOL2VZMLCNqQJ 
*NLFZ7k8xJJQVcEIOT2uE7X/csBKdoUUcnL5nnsqVZQPQwI5G937KQgugylMZLte 
WmF X1X/w5qzKXtWr3o0x9JPFzveSfs1bqZBilQQmfp@skhBo/ j yNvpYUNAOGAMNkw 
GhcdQW87GY7QFXQ/ePwOmVA491grCT/BwKPDK1815ZgvfL /ddEzWQgH/XraoyHT2T 
uEUM18+QM73hfLt26RBCHGXK1CUMMzL+fAQc7sjH1YX1lkleFASg4rrpcrkKqoR+KB 
YSiayNhAKAyrf*WN66C8VPknbA7usOL1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8 
001pxp3U7ciHi8mniO0kNcTqe57Y/208nYO9ISnt1GffMs79YQfRXTRdEm2St60ChI 
9Cv5j74LHZXkgEVFf02Nq/uwSzTZkePk-*HoPJoAWtAdokZgRAyyHl10gEae8R189e 
yBX7dutONAL jRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC 
BBySyJ1DMNPYAx1P3pudD-*bp /BQhQd11pF5bQ28F 

= = END PRIVATE KEY----- 


This secret key was generated using provable prime generation found in [FIPS186-4] using the 
seed 92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f905. This seed is the first 
224 bits of the SHA-256 ([SHA]) digest of the string draft-lamps-sample-certs- 
keygen.alice.sign.seed 


4.3. Alice's Encryption End-Entity Certificate 


This certificate is used to encrypt messages to Alice. 
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Soot BEGIN CERTIFICATE----- 
MIIDzzCCAregAwIBAgITDy@1vRE510r0Q1SHoe49NAakKtDANBgkqhkiG9w@BAQ@F 
ADBVMQOwCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 
U2FtcGx1lIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFwOxOTEx 
MjAwNjUOMThaGA8yMDUyMDKyNzA2NTQxOFowOzENMASsGA 1UEChMESUVUR j ERMA8G 
A1UECXMITEFNUFMgV@cxFZAVBgNVBAMTDkFsaWN1LIExvdmVsYWNIMIIBIjANBgkq 
hkiG9w@BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBou0P6AFQJ+RpwpODxxzY6@n1 
1J53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c*auzPKJ2Zu5mY6kHm- 
hVB«IthjLeI7Htg6rNeuXq50/TuTSxX5R111bEXGt8p6hAQVeA50Z2afHg4b97enV 
8gozR@/Nkug4AkXmbk7THNc8vv jMUJanZ /VmS4TgDqXjWShplcI3lcvvBZMswt41 
/0HJvmSwqpS6oQcAx3Weag0yCNj 1V9V9yu/3DjcYbwW21Jf 5NbMHbM1LYAX5chWf 
NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/ jA/EB/WI+whUpqtQIDAQABo4Gv 
MIGSMAwGA1UdEwEB/wQCMAAWFwYDVR@gBBAwD j AMBgpghkgBZQMCATABMB4GA1Ud 
EQQXMBWBE2FsaWN1QHNtaW11LmV4YW1wbGUwEwYDVR@1BAwwCgY IKwY BBQUHAWQw 
DgYDVR@PAQH /BAQDAgUgMB@GA1UdDgQWBBSiU@HVRDyAKRV 8ASPw546vzfN3DzAf 
BgNVHSMEGDAWgBSRMI58BxcMp / EJKGU2GmccaHbOWTANBgkqhkiG9w@BAQ@FAAOC 
AQEAgU140JyxMpwWpAy LOVK6NEbM11gD5H14EC4Muxq1u@q2XgXOSBHI6DFfX/4LD 
sfx7fSIus8gWVY3WqMeu0A71izkBD+GDEu8uKveERRXZncxGwy2MfbH1 I b3U8QzT 
jqB8+dz2AwY eMxODWq9opwtA/1TOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps 
98Hm/3gznbvhdjFbZbi40Z3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA 
W--0IKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG-* sNOo2kc1 
nTX185RHNrVKQK-*LOYWY1Q-*hWA-- 

Aæ END CERTIFICATE----- 


4.4. Alice's Decryption Private Key Material 


This private key material is used by Alice to decrypt messages. 
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SSS BEGIN PRIVATE KEY----- 
MIIE-*gIBADANBgkqhkiG9wO0BAQEFAASCBKcwggS jAgEAAoIBAQCalSn6i86i44/0o 
AVAn5GnCk4PHHNj rSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV 
z5q7M8onzm7mZ jqQeb6FUHAi2GMt4jse2Dqs165ernT905NLFf 1HUjURca3ynqEB 
BV4DmhnZp8eDhv3t6dXyC jNHT82S6DgCReZuT tMc1zy++MxQlqdn9WZLhOAOpeNZ 
KGmVwj eVy+8FkyzC3jX/Qcm+ZLCq1lLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaU 
1/k1swdszUtjhflyFZ8@RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAW1Lb+MD8QH9Y 
j7CFSmq1AgMBAAECggEADgxoWEDDRE 5yEZ+s7TMw+WH20+3X00rryqnsLbOyv34I 
wAAUWK7qZy jd9rSDOAtBOgFhQNXYhWZ1T*O0iHslCIfqJMZ8wy1iFHBCIphoMSWs5 
/D+idXrUef5Y23rC1BxXH@g1UnSGXnpUH4ehV6p1 lvZMh40JKEoMC4cpyd1SzXrw 
+VGCc1+pXv/tTW3Rb2qoWO9JoWY+Epcssrw5N80FIFODhH4QFbLN6pVTt28aQ4pf / 
1KhLoapjFzXSYp/jrcNjYJ9qRdSAbZsKOJ2yZ0yqjLHDCDipFty-*WOpkUZcJhsgu 
Cg1Stt7tKgSvAV/nEjN8e/vA91/AACKBCNcLzEoLgQKBgQCAeTM6BDCzlusXJBKA 
SRC/WwUthJZz fOk2GmwrODCTRYhWQSDjBfiQNboazHObVPz45qP10fOt2iPEHeX- 
VWAXTNrN69M9lEzxygA3s761AejBRSFbLWkzLYqPB3oZwSIE7CrWHTXJipFWZv-X 
FG1R418fnRCUMJ4j85qem5iyqQKBgQDWhQMJu7FC02f r83qsIdLwqhiDtTpwUN3 j 
qfp7JoEZOxbm3TgM1xPAkrQTUgf r2ZhXGtUwsuKHyifxQEycrTkBOgO0gqAfGOfnv 
ybyXK6/guctHJQiy641L39kPuvQkKB+Y060B/oF6zbyFvqanoKXjpspObN3i3yBU 
X5/EOu/LLQKBgQCUVwHWeWAgSg+pgBx9 jGOnPKA4hOCkznRJ7qyuo37Tv-*E3171Ff 
vYFvlYSd4C JmmiUCkZTVK3FkL7HrFo/HwSeQFQEt7aDkN8 j X9bPPFv8K+UoONgkGp 
LA8YVFrDQSPyadfNVYvsuXhzJLZSYGjPOGHgI5JufYLDZAUDK / T97ekQYQKBgDDM 
ORCxvXTyGiW2USVu3EkaqFDtnMmH27G6L Nxuudc/dco2cFWbZObbGFN8yYiBCwJl 
fDGDv7wb5FIgykypqtn4lpvjHUHA6hX90gShT3TTTsZ0S j JJGgZEeV/2qyq-*ZdF / 
YatecV26BzR1Vfuzs4jBnCuSADaHgxcuWW2N6pZRAoGAWTovk3xdtEOTZvDerxUY 
18hX*vwJGy7uZjegi4cFecSkORA4iekVxrEvEGhpNdEB2GqdL gp6Q6GPdalCG2wc4 
7pojp/80inc4RtRRf3nZHaTy00bnSe/0y-*tO0OUbkRMtXhnViVhCcOt6BUcsHupbu2 
Adub72KLk-*gvASDduuatGjqgOzAS5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC 
BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/ 

= = END PRIVATE KEY----- 


This secret key was generated using provable prime generation found in [FIPS186-4] using the 
seed 1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bFf. This seed is the first 
224 bits of the SHA-256 ([SHA]) digest of the string draft-lamps-sample-certs- 
keygen.alice.encrypt.seed 


4.5. PKCS #12 Object for Alice 


This PKCS #12 ([RFC7292]) object contains the same information as presented in Sections 3.3, 4.1, 
4.2, 4.3, and 4.4. 


It is locked with the simple five-letter password alice. 
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----- BEGIN PKCS12----- 

MIIX-AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH 
BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs 
PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw713090ZN7N6Ux2KyIamsWiJ 
77t7RL1/VSXSBLjVV8Sn5+/o03mF j rSNkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 
x82dzEaVmab7pW4zpoG/IVR60TizcWJOooGoE00Rim6y2G*iRZ3ePBUq0-*8eSNYW 
*jlWov9abdFqj9j1bQKj/Hrdje2TCd16a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI 
6TIEpZ1ldksDj r5N+zFhSLORWABGRU8j XSU9AESem9DF xoqZq8VsQcegQFY6aJcZO 
Xel7IECIAgK8nZ1KCTzZyNVALxeFw@ijWnW41tDaqcC6GepmuINiqqdD94YAOHxR1 
11KU4mLknSJ36W4T7val4fp98sK@nGpaDzQheu6BbQ+dVd44q52MDwvqvD®Y 7UjF 
IVEP3V9Ebfn641CROmIcVCUynxb3aaKjhgBKTGbYsKtPue974rDPIArMs2Heo8y3 
cq*f7Jce0IVCglRatN6rSyJBF8J1BQW5pZGco8AwTM1pK3RrdIDziheA8DIBB-KT 
4JZBO6UprlcZ5wBY6ncXWa5E4feb57Cd3bB*zJuubBX9f4yG/JOcSF59w92c/6Qb 
i4EFk6tAiz19PxuLLwjco71e69Jiav19Ph/WJpf /XCEurw7K+VAeZALFW41G/D3@ 
WIBRC2shisHB3j8*3fNPcvi4Fy3EkZNWAlrZFAjbBtloCxk5rcfRS7vxucAvC5X9 
4bmOxEcdOysnup1H77u-*CWWxjCk414S1KZTUbwc1a0B6yRDvojUMZkDzMqsxyY jn 
JG5QhMFQrTyALwCgJsP/rAf5xPhG2p*9Qu10yiBIIZwvKNKRQKL-*YLcvYvThi1bhj 
rUflYzzvviyXCy9LcX2GBop9yBF JzIcmKf LOMGua6WIkWX2BIjhGTtu6VThmRHuf 
OsqNg/ZrNCTYa7e1D6gwP5uFRecSZdASf+OXTe6M7e/vaN4Go4A3H8+d53SYQP6n 
pTt/a@DTHzZY77aNMh+mzkIHC1W3zZUd1S48tUyJMiAN3Tt+RFhHHZFgloJ7IdcYdM2 
01I+UD/5L9ghxN8dh13Fi3rDyn6Y5xB1xFuZ@mL joEI+3Pr1+B9Kgf+o/hxFttfx 
1uP1XcHt@a4gBr6g7fwGNssfw5S6g6hS9UDTAYOpvLaatil2TZmeYZzij19ssv36 
kr1VaRV9xcQCbY05ucD*buymFXPn/rhVdxhgIydmvOtdzDozyOWFDTvg jUBNeRnC 
eMVD6A1WdWOlmBqOcIl1JS0aY2FWm8Kju62XZA8YIRowlLysuq3zlIqDmzmqJFKwuA 
mRMZmUVhophMEn86rwob3Z87gNbyy1U/dXi+s6Vybx/kiwDXj fyhWBnhn1gkhgiv 
oOhGtt+yAliCVuHQ1EloQeQN04C5QTU0d1W0j489Ft6wpvm0tqc16NpnRYUhbCoF 
XhFr4wswggR3BgkqhkiG9w0BBwagggRoMIIEZAIBADCCBF0GCSqGSIb3DQEHATAc 
BgoqhkiG9w0BDAEDMA4ECPoEFEHQGB9dAgIU5oCCBDAOrGHyN47xktt1J1VvWQZN 
BYIMFzLN6p2/zKotGf7EMdgSdwlxkhKTWxunfoP/gfRD6boXTAA7ukJDsHXZrfXF 
KjI4HI20a/NihwqctphcLonBJXcofuHv+loP9MPLtwu3Mo1wsWTiHpf5XmxMoZQw 
fbrp2ohLugJO1ZRB9RfAUpaAhtFg91pLOtXEpz7GULEyOnYh9R8iu9bSel8bpl4S 
*AoxzXDAgYiEU6Yi0/47aRstd3HAuS3ERDnUKSoqVstslRSKnK/WrGYUwoy7kNDwy 
DBitfosMYOrpWEe5rXTBwJkBodcl3LBpDbNzdbrZw*e-yObJO9zfRlMplOxVfoiji 
q9UbRdgN2yo80RKwF6c63V2RdF5t j QHNNIM3K3tC9ZEis11jgn9LeOLB9Cd1qyE4P 
WfmHN@gwqDF1eX96TmUipmYM63H6 jcbnSc6p7eIZtCrqGjhsTqFwcMg@4WaXWeHD 
ffLXSZdzIUB*zfC8tftUUEOUX3tX4110U7K8uAuQTSK / AXwU j -MbQVhlz8te4FVr 
w4u1Z21841IYqhD3VdIOxXiZkfSKChRz8/7QacrXFvfKkrcrxS2iHMoxhoJ7WETNtI 
sl1W5R5runj61r50VTAHCFNFQfGBbTtV9AdP7yka9aQDWxPCoXFgeb1Q01F/BigzW 
02JP5Lcrw7ia0y88QbTzWhi57d4he50IpOwHUiGPh7s792mlltvuSpRKJkOXWv6h 
qAj5AsBB8JNvgXP71Ytx2vMdjw6gqzQcxASJAUHQgOCxmiODLUP-FHAY1CPNSjbR 
pHrTi1UFi/+9hYneQci++qPvkCqMuGHVxamd40LanGJN1NxE1DyMeduapX5rXuPn 
g66LPey9GQUE3SBNC2dmju0y7d8fWXEZqhqLtPfsuwVzdnWb1uAcjRfQPNo+uWe4 
ZihYisXK31qA557dRqdSv+6GL6/O0ZQOCTaYMyZIWD9 jS2gU6T3q2j 8uk1LNcL9n8 
aSpQ5xWspBXpzXo39fG6CMeqzZlFCqrvQwYhdXbtxn90x/pimmWOlcqAxv-*xythW 
BMx*il1JEdbCj015wjmsCWNPWIMA4AVSholpZhs9Mq6rvgBXi1HJgjDODpSLCEOxh 
/GNoXoOX3LrxfCIDEhT8LyZ2NE59yh3t6pm88soFzaAghdjb1Fkc79nBbcl4NLKg 
SmL/7GktkxEznOiSYfnfJ905kjZC08d8RnoGf rDDUWD2ZIhbbxOCq4E3E0Zt13aH 
JOXRBOZLC9L2JNeSNiBZZGykh-*Pi4TsIzXL2UPQ*dyADDaEf8yamyYOAdlhFsnhD 
qr94YO9E30/rpFO0yUb2gCehEgT9nppVuMeridsCkHqemmgVr/52Xv/XK9dx4*YBjL 
4/31d0/yVJURqDIHH80o40gFArflkzOalrz9nJFugPO0UM8oNysaL9yr7/D1il1juV0O 
MIIDZwYJKoZIhvcNAQcGoIIDWDCCA1QCAQAwggNNBgkqhkiG9wOBBWEWHAYKKOoZI 
hvcNAQwBAzAOBAidIqBxZFwvaglICFCKAggMgTzrUvA/12Jqnv3AL-*P6990uX1ybZ 
NcTwC-hMRVOHoO0FuAAybzdSRBAaZch1-*8GheU8yz71YWmLn1PNHx1Z28inIYfmTfk 
Pa34Rk8s/RXxJIe8LMYL1qjk/FMq/Fpgc0S65S6bXvJ69Hb8gtAoGW8P1b0dd9bvG 
NbAk00h5r-IWiHAU8zGpcqWDWRgieGICsY0O0HvxAKKMV6FIjFVCTZevORVoyzmSX 
ZZgxqrbjwACZqOWReHPI3aEt5xVX3BihRGi4EIyia6yU10VOZTGBKqWUeKmOA5Gw 
SX3mH/kLiya3gwwGvdq1ncXc17V1STN1HFyp4ebGKgACsZ6NKkWjocwq2PwM/TqoZ 
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5i02tqvOeR81X7LrSegxGH81Kw3nMV4dH5txoVt9hddZCKKGcJ5Z8F1zxFP4BFuF 
7hOmRpUPdxiahJ/GkXDVIAw6BJKd4Q9e6sj JYxTeq4uOP6VAPMuDU7F98X/d9sEx 
2X3b1cJxuA7xtOnKAPsWEyWBg98B* CKG6KwO5s8T1ZVmlk15FCU;jvFoKCiWIKFA4N 
vGLiWOIP/jJ9N6Gqp4gNbm51zNFGZ7gZAtvsBSGQSOUPgfZcx2mRxpBmcX8tm5Y J 
hmY9EDK13umUUGKrPOrG8c7/MVAQegSKqQuXSfMK6KknXGe7 jwj s7xaQaRm9fFHS 
OKbGUSMSLXxRGjW/jzjUNAEWDiSYPCVo8E/Kkd8LETvjAowF772y900X1ZzcP7HWc1 
oYc0O/WSSh4e+FAbgqLo/8KIkGzJ23BAcdx8XAtxzUZhRdHaltnwaJsfTr4TCwq8C 
XxJG5u44/z6imqQrVOaXQfvk6sSNGdG62TkacYg2K63D9hcg-* TbZPPVSStWXyj8S 
N84anzTOxb1yx6aw6IL-*-uBLCA4jISgNFijaF5pwjLSbgTs5Z7skZdCam80xYmdJVO 
ES/uqFCQFUSamXXNbotviQk8jWuJFz-*BXzPYJN3t*3mp6SmgTZ2zP8FUQEEAGbSH 
DqYV621DcWRo/mao8xzX/mvkKm4ddGBldiusoHZaL4gdo2A1qThSMnMBsciC-*jEj 
Dq0r70XhHccTDW8wggWUBgkqhkiG9wOBBwGgggWFBIIFgTCCBXOwggV5BgsqhkiG 
9wOBDAoBAqCCBSYwggUiMBwGCiqGSIb3DQEMAQMwDgQIehcRLmVUApMCAhQOBIIF 
AHb5dXZKzCeRUo2ZS jOoyuFS3zQ5HhKyfapsyCqbYCKv /1SzNYWvuda7xfa*u0OM7 
/wCB9sWdzOMTpaBMHWx9hvibZIY65oM-*ryA4tTuKKqOJ1370snjBOdSNTKszsI3fa 
PUjslxqlIH3aC1shD7OqhIRGZzRjKA44PJyWv6260QrgVtTYR9NYTdee-*SbBZbkEt/ 
EpWipwftWXGR6tSYJQn99eO09Vih8HyQvwIpidUh3pCFOlow4VZyAqIWOHCWO9TAjB 
XNv*qfdH7fiX9wM5/GvnQReIsqjXCUoc6pSQIAqD/f-*I/d1F2ZmqM7KwXOLGRERO9 
OWZGyF734pN9GLbNetWm6rKxmlSI/5m6-42Jxxfann16P*vBSEgWJ/I8GnJAdzIbB 
Tyfjog4Gi2*1mrPzK74C79ntMOnfsr4xVzy/BknwZIaJksd4AVvOGkSOnfM6shtBJ 
B9uR*GJfthtsvIVUHNOkz2r/1VzMSRbOg9yR53hv1H/nXCmUjWz /BvobmoaVBcCm 
mOnnYZTHMNarIVYdLOFif5ZLH7WV/XVEVIoRntNRiKsK96VAHm5XboWQGCqLOheh 
IX3Nily1genGmiaFl1SQNMvLDko1ILDTKrlINvPmjG/WFoLntpJFPtYZsooT1j jXLw 
3VTSodtgKQNdPYOEidSJqwIS87fzrCB2Wmwys@iGfdsuNhSaqNqa@dMO6FiW2fku 
x7H+w7SX1/n9YeZUNLOcewLcC7E8IA1larjg1ZE1L6Yb21dXxV9q3PPOwKuGnah@ 
TKnD6mLn5BIGOGTZF1VspXRrJhFreLe+xsJR1r6nil3bcMWXXy7gbm1X/CREIO2I 
ynxEToDR*xZ6rjPWDJP7kVfAGvA8trCGrot4pbJbmwlBeMIylScdQoHEnyqrenOn 
RMmXZaKz13njtq7Wk78qoJq0a6Vh/sde0KcOPFkyTZdMBlTztmOK2VJUS3 jUVzP1M 
0WY2fyGDoA8901-*/MiNsgiaEghGybXBYipOex-*p7j 1GIRN/CKmpWsqjZnB78kyXm 
Z6AE1vC6neD/7zANInDkzXiun6ic72LoBX3JGiCSuM6hIPJO0AcDwlzTDu0H2rCQN 
w+tivJ2v4KbgeKoc6beQb5fZHs7VsWHikIcpwqB5ngwt34wHgFG@nTS41ZmvzSJ7 
FMRVGmsDYkDTpZzgNOaxiUBQMcEvxNIe3nAmA*dvB7w6XRQVSUsL-*vBFhHiWGZ7h 
k5sCeHElewXKO0SyJADgfFlYq3EfEgZ13h4wtoSfbBVtzbbyg2LNegUCLfIJkc7fm 
T7X7JSxbjOgndMHEeMdVb+NFxbgsXYrYD8rC2A815cQzZrsxb1bvgybEJz+NU/52 
UgGrPmdj JKuGBK/V2zor6qPvKyId1Gb4QQuIoyClwhZ-*qk9nEAEft84y7ISgMywH 
*1w87HrSHKfpqzQhCxlrLu53IYK/APhE7BYC9Q4tvIsZXSGZ*nju4tyzERSlaNe5 
njUeIENr4B/-*kXULwVDcvMFHqUF JMkFai8FUga7gyipZ*654cl1GgJjnNBO1va8Jc 
dtdPRRWAgwdrVn8u8J78KBzt6ChkrpKRV8VeWKBk9lhcTOZNpJnNqhDrkfzHBqP0 
Uo13317P7C*h9sNDI153W6IO0IodyQEOAv1WxHo4y/1d1VeGDaB7hOSDq9ZMpm9n1 
En7F6/1/sA4IUZHja/qRrK9hDAMOXqOLhFXuUzuipo490MUAwGQY JKoZIhvcNAQKkU 
MQweCgBhAGwAaQB j AGUwIwY JKoZIhvcNAQKkVMRYEFKJTQdVEPIApFXwBI/Dnjq/N 
83cPMIIFl1AYJKoZIhvcNAQcBoIIFhQSCBYEwggV9MIIFeQYLKoZIhvcNAQwKAQKg 
ggUmMIIFIjAcBgoqhkiG9w@BDAEDMA4ECKg4DtyiayOyAgIUpQSCBQAKQtkPOS4s 
LE60s7nP4RaJWBuyX127V/o06TUSBRBgQoPzP+aC+099wgisEKedyB47bAzcO4sba 
Aq8UkERASYHcEhdD2hGRCL7ou9jTtrr4RgZpa5V9CJcBOOt4bqy21UefOpm6no+R 
X840uyM4q5Q+cfH1rTQ1a/a+gLglbptoEkH/4dfR3ELYiXcM5UrBYTJOHcyME8c+ 
TXbpf7kiplTtlsrlZyU5zrWcxngrBxwFA*085W/uVR3QZSW*EGx/VCYwGruZ1Nyt 
BvBYjsYsnC+yKYXbqL81Dg0ePy+eh6VX64SwBLXcWcY+NK2EZrhzruFj1+PXFKY3 
IVVPJhTE907gJA0hzvAanOluWXozD3 /WPQaXhyIJDwM2MjznjL2MBydpy9K8Cio7 
XaV6PX8DszIZkf14DAz5f7G7WbwUq3I j PPPWilUv+JsR+dnqzWDJ22SXc+AdQP2sKk 
qMvP8gOpHOsVIXXE76c5rUcZCZD*gGv1avO7YttWqbDqL j6oQEIJ8LXO0QvwdOYEh 
etE0bJ5uv2njhQDhLkH/JIbmFSgJZeM8dtKHb8f5wZc2B*nXGB-* TFboGzSuP7gaW 
ulvKsJNqT/J/FYEqcamI2F+td7z1sGfbR9ckAcxXeb2uPVbCJ1a5@gR1z9qVm5Hb 
5f153X7aoQQp3F3LDGQmJ-*GFQ/oXXwabqn4TvNO9KDhxpGcMMU9RnugUfNU9GBecO 
vfrzmVKZdmJ36HOmMnLvgRakRhCV3kGABXY83hwUv17E1qASLKcAWIachkCCGpBG 
yGtP21IOZTn7PsLJR1BzKnePa7MgFcgoCToIpdQnCTtAsalmBmis480LN3GB50jeG 
bQvNf9TAviAO0tg5VuTA4/048V6uYSJsIZsawm3tGA/LjxyfV1aLddQT5Zf 5ZX9BX* 
K/PB40YAFXtUpMK/aL5G1MvppUJ9CjqAtnoKE-EkdQmyZ1VoDO9ih44zuRx6XVAA 
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EYafNB8ygjRHGsvPW@/M@EsOw1 6wzJHTuf /15fD/nH7XHSMZhCFOCtvLn8v+S1Po 
i2/4006pS2byjUFRbeCpzEpRxdv90LCb9ALdy0yG9u41W3yInKNFnaWBulfOPFCe 
ZT92M1BgwJA8ZcydtiiunRNAH5iWLSPloUpOD1v6En+rat+PoyRXIy2fLHBL25aw 
LhABoZPgRsCiLsiNiohfyngksrQKeRgOlaBMT92J8r1E4sUKirQlcOdiWBE6vmBS 
XzyN/twvfgPNIXgR@rw6c7VhhSthNTrsttg/xcfvJ/bftDbKm+RZL+yQoOkkAf9R 
5tizyMdMBlaMrpfrBxvNtMiykbZ88SYoA70Trwab2aHQluVhs80jXGBEOqmSudcS 
dV1EhBpo9HBsDZZi0IwOp5/B9fCHdnThCTiUm80eQ6mX2/DB9L1Nh7gHOyLL3azT 
m12D0ZpZNaXyxLzdiRiAdwpWZmmeg00G70yi0D5eIxh6cbnbuU6Ygdp-*pFFVYHfA 
vc5Czpne20PhXX2k800kbwawr9AfrFjIfAEmBFx5GBGr/1SiUQSkbUC/s209Yga0g 
WTYt3KXPzrThJJGZnnXZRTGfIi6vp8RsnPX354Dxe/Lp3gXDdIJeWG6XVAB8t3fsp 
coTqPkm/XGNMmOZ81KX/ReVdP-*dC93sov2DuDZbYGPmH1D47b00iA68GD64DEuNt 
Q8MhWk8VRR1FqcuwBOT @bc+SIKEINKvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs 
AGkAYwB1MCMGCSqGSIb3DQEJFTEWBBS79syyLR@GEhyXrilqkBDTIGZmczAvMB8w 
BwYFKwADAhoEFO/nnMx9hil1oZ0S-*JkJAu-*H3 / jPzBAj 10QCGvaJQwQICKAA= 
SR END PKCS12----- 


5. Bob's Sample 


Bob has the following information: 


Name: Bob Babbage 


Email Address: bob@smime.example 


5.1. Bob's Signature Verification End-Entity Certificate 


This certificate is used for verification of signatures made by Bob. 


SSA BEGIN CERTIFICATE----- 

MIIDy jCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w@BAQ@F 
ADBVMQO@wCwYDVQQKEwRJRVRGMREwWDwYDVQQLEwhMQU1 QUyBXRZExMC8GA1UEAxMo 
U2FtcGx1lIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFwOxOTEx 
MjAwNjUOMThaGA8yMDUyMDKyNzA2NTQxOFowODENMASGA 1UEChMESUVUR j ERMA8G 
ATUECXxMITEFNUFMgVOcXFDASBgNVBAMTCOJvYiBCYWJiYWdlMIIBIjANBgkqhkiG 
9wOBAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g-*7RLrOgRfwQjcH-*2z 
mOAf67FJRNrEwTuOutlWamUA3p9-*wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t 
tey10VdxaCJuNe7SJj f rwShB6NvAm7S8CDG3+Eapk09 f zn2pWwaREQ6twWtHilQT 
51PduRtiQ1oqsuJk8LBDgUMZIKUsaXfF8GKzJlGuaLR15/3Kfr9*b6VkCDuxTZYL 
Zxt6*a3/QkaC31I9m2ygPubtHFJB5P54s8boROSKm10B1gsLow8eF9S70tcGGeooZ 
JiJUQCR14NaU5bIyfKEZV2YStXwdztoEJJ2f RURIK-8Ynwl1B3QIDAQABO4GtMIGq 
MAwGA 1UdEwEB /wQCMAAwFwYDVROgBBAwD j AMBgpghkgBZQMCATABMBwGA 1 UdEQQV 
MBOBEWJvYkBzbW1tZS51eGFtcGx1MBMGA1UdJQQMMAoGCCSGAQUFBwWMEMA4GA1Ud 
DwEB/wQEAwIGwDAdBgNVHQAEFgQUF8WEe9Cn73aQO0Lizbwi8krWeK5QwHwYDVRO j 
BBgwFoAUKTCOfAcXDKf xCSh1NhpnHGh29FkwDQY JKoZIhvcNAQENBQADggEBAG7e 
QY6Px7WZC5vCbF5hj0itxoz30yM+LRcSTGWoY XdmlwsNUzy31pE3dtADvevRtsP8 
uN7xyfK6XZBzhShA/BtkkqYGiFvXDpluOxWmqCOWPmc1PNK2mHil-*pGMfvnUwnxd 
6gKCHED5p+bUhDyIH2 f y9hGyeOUs8nvit+7 /HwBipN+nA/PfsPn+aU411K6qDoG/i 
kwyuiWcFFlc5yE5rkAe2J0/a4*HtzNmTK4jB/4GbyI6x1lUszPlEqKE-Es10Xut/y 
UWL5nKKaqpRRd07Pq371MpFQs2*zXtAfGheKzZU3XXrIPCAPyJjWiyU1DzpqgSJM 
OIp/HtXdFscHb9+Qic8= 

ST END CERTIFICATE----- 
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5.2. Bob's Signing Private Key Material 


This private key material is used by Bob to create signatures. 


Roe BEGIN PRIVATE KEY----- 
MIIE-wIBADANBgkqhkiG9wO0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh / 02M 
EqR7qD7tEus6BF /BCNwf7bObQB/rsU1E2sTBO4662VZqZQDen37BvteqLNUCSCFV 
6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ 
71/0falbBpERDq3BaO0eLVBPnU925G2JDWiqy4mTwsEOBQxmUpSxpd8XwY rMmUa5o 
tGXn/cp+v35vpWQI0O7FNlgtnG3r5rf9CRoLcj2bbKA+5u@cUkHk /n6zxuhE5IqbU 
AHWCwujDx4X1Ls61wYZ6ihkmILRAJHXg1pT1lsjJ80R1XZhK1fB302gQknZ9FREgr 
7xifCUHdAgMBAAECggEABcQg1fTtieZ+0/aNdU149NK0qx97GLTBj IguQEDDBVFK 
21u4PhBg9AdgAUqLH1PE-*eq65JaGZwvFH8X1Ms2AKiRzYsPOQIoJAn1hc69uiEN9 
Ykcv4QHOvvqtCtWY j JVb5By9WPeLH6QynJ6F1BoSqxhURSWyYfTuwqt10HEhsUuH 
d3N5BmbFiRBNj4alA9zz-ri5xLOm33kMKai/Ajj3sI0AJsZ5ZVAhYbC8sCt1Xevb6 
141p9S6GSwGC1 9by+1 y9WC1QGtb5GDotvChMvmZS/03NeDc6xC/LZoQcHNVgiZd7 
f1g6iEkJ1CYK+D7xsd7Y63@w75Haj @vnlLhiJObSA+wKBgQDxv8j p2D6IVRGgY faC 
nUU3Mg7@wagX1 fgPHO9Sk6e9c8CgORh2uwWjpTawu88xBGFyZ-*xnWqr7GCNsltas 
3m94ri4A4R94+5uL8+00LC26gMDFfZATd1Q3k/h919YLk89tonQEUbCFZJdphThEb 
vg2W+nNsEVcQGuC1zhX@AyGMswKBgQD@BYk3sdGQbBA/hYD1EYsZfYebUiYv21Tt 
VGRgTohKFcLRAWOtGP9YRbKyEVkKBLhjgkXzS9xGqKywP71z9Iny+zDGbzk8E1B/g 
1S7GFGX5@TGOISfaFWTYdxt4mN9pduZE2b1T /26uyU8DXCEBhF /OghwQjJqKTYTT 
R13Ara5fLwWKBgQDQyVt j lyD2q8naY2D8c4mo3vHtzyc21tQzcUD8Z4vSYpsthbos 
KN/48qJmRv3tjqP+o+SXasYKsFE/4pIroLxTVNNkbQm6ektfttwp01 yPG8340wLk 
97HVWOig/tX6mOWgiyBsm*q9TKTrrvm1pRGlmE6BQgSYYyAr504u3V1nYwKBgQCl 
BAFvWyDhTVQHwaAfHUg3av/k*T*4KSg6gVKJF1Nw1x8ZW5kvnbJC3pAlgTnyZFyK 
s5n5iwI1VZEtDbKTtilkqKCp8tqAV9p9AYWOKrgzxUJsOuUMCZc-*X3aWEf871lIpNE 
iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh 
PsQmVH74YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IGOCfVmu/B 
ax5fbfYZtoB/O0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsYARNp6rvmpgojbmIGA1 
Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCKkGCWCGSAF 1AwQC 
AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88E0ouPbg== 

= END PRIVATE KEY----- 


This secret key was generated using provable prime generation found in [FIPS186-4] using the 
seed f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e. This seed is the first 
224 bits of the SHA-256 ([SHA]) digest of the string draft-lamps-sample-certs- 
keygen.bob.sign.seed 


5.3. Bob's Encryption End-Entity Certificate 


This certificate is used to encrypt messages to Bob. 
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Sa BEGIN CERTIFICATE----- 

MIIDy j] CCArKgAWIBAgITMHxHQA+GJjocYtLrgy+WwNeG1DANBgkqhkiG9w@BAQ@F 
ADBVMQOwCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRZzExMC8GA1UEAxMo 
U2FtcGx1lIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFwOxOTEx 
MjAwNjUOMThaGA8yMDUyMDKkyNzA2NTQXxOFowODENMASsGA1UEChMESUVUR j ERMA8G 
ATUECxMITEFNUFMgVOcCXxFDASBgNVBAMTCOJvYiBCYWJiYWdlMIIBIjANBgkqhkiG 
9wOBAQEFAAOCAQ8AMIIBCgKCAQEAqtHAIBNMiBIKk8iJqwHk/yDoFWwj8P9Z1uYdq 
1agqIuofvjoAyjdA8TbsBRGdmvalOSQOepsNjW1ko71E8HlDs9JHn1E-*tzH3mKfn- 
G2erY-alkMJTXPvMAUdCA8*e10J7k91gYXDpzIWrP3KcOxT1sJ8tGJ6mhydJX3wP 
0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0XA4xY1pUAz2rSSAlnGvhEzKFbWA3BP j Y 
XPUnRWMtXFya1djq6Eb9M/klbhdZheDLLsjLUSXYU70r9VXGM/qcjd/NhWYphCeB 
cqswaM5mXLYdm@mFmqoecF62mUE@DiNdhwkT tnefd@c11+D3FQIDAQABo4GtMIGq 
MAwGA1UdEWEB/wQCMAAwFwYDVR@gBBAwD j AMBgpghkgBZQMCATABMBwGA1UdEQQV 
MBOBEWJvYkBzbW1tZS51eGF tcGx 1MBMGA1UdJQQMMAoGCCSGAQUFBwMEMA4GA1Ud 
DwEB/wQEAwIFIDAdBgNVHQAEFgQUSrOsMVMCSZxNA2554CVh1T6IYiUwHwYDVROj 
BBgwFoAUKTCOfAcXDKf xCSh1NhpnHGh29FkwDQY JKoZIhvcNAQENBQADggEBAC2c 
Y8FgaxgB-*Dx9gAF j35ae1vgzYiWI3Ax3FSxogo/GzpK//LB42150eBuKXbm@ixBn 
4nojxD7PM1M@i+ilAVVNJNaHY9TtgIgq8V/C@C7vL8SdBN@1e5ZRI7640hu9ivYv 
Ixvvt7gzvSTpe*NUT1i09xNgsC8v19WB/BwkqMAgDqMxqCxTAfyrvVwpxNBke75j 
E603xCj fdOWYcfMLK7EsTSgimYuonZjN7v/yqTdjn/iVH*agL/2M1SfiU36w/Yfl1 
7EM09uKGH/Javh-*2Vjd0j8rE/q21aac5VI91M6xz5oDZUknycBKKinR-*nJWMt5AK 
UAaL2Mjl3YtrUGBpxxY- 

Cun END CERTIFICATE----- 


5.4. Bob's Decryption Private Key Material 


This private key material is used by Bob to decrypt messages. 
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ITS BEGIN PRIVATE KEY----- 
MIIE/AIBADANBgkqhkiG9wOBAQEFAASCBKkwggSlAgEAAoIBAQCqOCCUEOyIEiTy 
ImrAeT/IOgVbCPw/1nW5h2rVqoi6h-*-0gDKNODxNuwFEZ2a90g5JA56mw2NbWS ju 
UTweUOzOkefUT63MfeYp-*f4bZ6tj5qWQwlNc-8WwBROIDz57U4nuT3WBhcOnMhas/ 
cpzTFOWwnyOYnqaHJOlffA/T8e71e18pBB806w8fxLnKJ09yJa4HtaPRf jFjW1QD 
PatJICWca*ETMoVtbjcE-*-Nhc9SdFYy1cXJrV20roRvOz*SVuF1mFAMsuyMtRJdhT 
vSv1VcYz*pyN382FZimEJAFyqzBozmZcth2bSYWaqh5wXraZQTQOI12HAp02d593 
RyWXAPcVAgMBAAECggEAEvPt6aAQjEJzHfiKnqt1U7pA4UKb5EfAyFrE7PdTLkeK2 
RjncIhb6MeevVs8g06co7Zn8tuUT95U3cOXLhVOWTvaHYeurTXaknICz3Ie00S18 
SkiVZko70uJ8pR6asWUlr/zO0jlEwZ7RnEUWet970M0YeAO07LDFDKkF7eUq/ /6bfzT 
ewr /QfDDsv+erwJBh+9CRHOJyTUuDH1WeGxYV8VK3M6VhdT jFxXxFhrQ4pBe5J/UA 
17Bd2GM8Urg6VYzVo6x4ajnc1H/ezYLdc459poTffv6Fg2trqFVAj2IrQlAeqjda 
lemsa6Np801mUGknq3f jKS13RYGBv/48rCHOT8eRgQKBgQDM5TuS4ANQjO0YoOgtF 
xoVjbV1ndOo-SmdFkZihzQHxcbLY9HXe5HlbLf11MXz/nERxl*SmYuuJk0EdiM9r 
HOCcHRLfBmC7t@GdVvLDHSAX8Ec47LbtKZqyM1U9dn7Z+5q4iywqpaP8pP3+o0Y57 
cgtQax1jle3xhRAj65c11RBmQQKBgQDVbLqkK6wKDf SdZuUMZGUtOYOr tamBDCgEU6 
rEqBAyCPy5NpF1pomUFcYKWT /wbReFqtuyq20yiATBOyHHMko46BUtN7qX/m/skt 
DHWXVWs1-*GAIgEMVokM9jjrkgdY5grrJ68sagKC*bgv35BizHPIqgQuO6qnPSrM9 
bevwbQEj1QKBgQCiPE/zeBSnzy jeaTdLxGkR1R+ZX2WqdNdYqnQkiWMkflaSmt5J 
4raEj+GhLC5BZsZ6+z480M6XXFWOwSkbMv5WH1824KHvgKc foh@0iR1EVyjN1gDx 
wKOQvjycMhs3FpXn@ar jCczS2wGSgPGEpUR4JJhcp faF6kphZsWDWzZVLAQKBgQC2 
ivbK1tNhj4w2q1m7EGC3F5bz15j0I1QTKQXYbspM8zwz6KuFR3+1+Wv1lt3@ncJ9u 
dOXFU7gCdBeMotTBA7uBVUxZOtKQyl9bTorNUT1wNn1zNnJbETDLil1WHO9zCdkrTIC 
PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR 
kUxCcida8REewWh4AldU8UOgFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV 
zf17a9xDJL2LQKrJ9ATeSo3409zIkpbJLONCHHocOqYdHU-*VO2ZEA4GUu8DKKk3 si VH 
XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME 
AgIEHJjImYZSl1Ykp6InjQZ87/07f4KyhXaMGDe340eg- 

SSeS END PRIVATE KEY----- 


This secret key was generated using provable prime generation found in [FIPS186-4] using the 
seed 98c8998652958929e889e3419f3bfdOedfe0aca15da3060dedf8a1e8. This seed is the first 
224 bits of the SHA-256 ([SHA]) digest of the string draft-lamps-sample-certs- 
keygen.bob.encrypt.seed 


5.5. PKCS 712 Object for Bob 


This PKCS #12 ([RFC7292]) object contains the same information as presented in Sections 3.3, 5.1, 
5.2, 5.3, and 5.4. 


It is locked with the simple three-letter password bob. 
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Peres BEGIN PKCS12----- 

MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBICGCSqGSIb3DQEH 
BqCCBHgwggROAgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6 
qDQ/28QCAhQGgIIEQJUKA5kzRVm9d6rEwC/ORyBSgpPuSROUQT j spt6éEhBZ1gHc3u 
FTCPa05P/vpeWaCnBRarGFn3DmqA3JT4*59bmRpGdiP3Zrlk2bEbHiOyrd2P3UFDnX 
qRkkI*7pf6eOHWJRntJA*-KJS8v3tZ/hpiEKAEav/MqO0IFNFyEiZpCkbKCX5auDb1 
p5c3J2MNg/WNBfpGJUHKVIzuIF3H-8LfFgayRsDsppoUMffR*GmdL8nxLiqhraHD 
*Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa668S8AP/Hj2 
TJPPg/1ve76DVaGdEnx4QJd4ApBFQac90zmhxU1HZrvzubK9t4e51r80wpd2djvZK 
wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/ 
nsaLg4MCWUOA4Sh7nY JZ151jkk9LS7JhmwKvizHRRTXbLyRDH06e-* j CRgLcU2WSUq 
1bEr9JyOucK8zNPTf8HWBTSOUubvyA4JfO3mVpAREX/8ozX1LztWGblFGbyaJ9YA4ga 
LM3JpKxMtb1UTxoAy j3iFwGlGZFGKBlWplre*OdkKkC4dloFE221INfLdRNLVOmPO 
aGZhsDheB8iVOtN01u91B1U68Q7AL1ryXWUS j ouKGRSU6UMDLZ7 rwO@w1ZC1m40LG 
BF8Cm04ELmb0ci78fBs/qDX1f3BJazcNtciamEsQPYRGkKHASBRYtoDfVy6mTT4@0 
obdrZigcvCwttDBu7RtynAQVZ8DvKzxFGhe2p2Yc9H5A5ML7IwqNtyY zheduBAQTE 
j AU2 jMqunZN5wULEnH2TF6KAQNrKdtBYMbqkToKgxf5Z f «c JZbyQq7WM6nVf0M7g 
kcFdeHDn/CWoSNHI1+JA3wSDM@6ZkU5HMd2MpT1RLTSaemImUKCAGYieJmwNQxR9 
aYHBBw5BNBw1 XRB7WRka2Uah@Xq/wAgal/o9L+mShDRFJjFit+t8AV3KR@WWHg820 
9qchX7P5H3Sy/tq8yUQIo1+hRiRjkfiIqy6AxIRttrK4WbW4scUtBZSkg9uUFkKTVU 
ybnV6WvBpn2SrnwF /E1ueKARVmouWJ/7 f iLUXk6wVvVtuBZw2gE5QGfuCwq@PQsC 
xPx8MhN11KZYDVCGsyUr /LMHeKNc31S2HLGQK7kh/0+QQazafiJocQ+kRbS1VX1D 
nQlIhz4zvKsBgzHpoe3wQcfAY5sp2ubepsZ5T/YHkmroBmvA4g1vi7nlCetgxXrh 
2V60XvaZ*BnfsYxJeUZGnNMNEDFIzS7xB180jtT5JNO0o*9tL sdikdikl69IsVv-42 
eCv9Go*wh19cSAL24rkzdKVuilAXS7tzel3eWGjdKoq3Ke-tfJtobSGrB39xgLVr 
3ho63hd*qTUy jcAhVL3hAJinv*/KT0jR8fq*CDsXMnCEWugHhwB-66NOr876MIIE 
bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9wOBBwEWHAYKKOoZIhvcN 
AQwBAzAOBA j iGuDSk f G4UwICFLWAggQogyL@8hPtU152dk0+BVimcGXW3FmDrT@D 
gU3Drd0P76KzYzd21LuGb9dx84wxOXnFIXeBMAF3QSDbCK4tOuJ6JRaEeUoCAyZd 
XyHtLjVeuozt2xHBDUgQVE01dZHtk1VUgzLSCha1rXjcwpa4+8xqqoVM3C15uBh6 
QLUNey8Z3Y1Klk018Tdge600Urg72BPKppNf J1NA4TnOFwMVMA /gqHAJ14pL1YDpmc 
5BZm4tMg0HvPiz96uwjEhw1GZFGOgZIogeVJuqCNiZPDjCFEDgnCw6sciS5Bi-dX 
KmevUdamSr93e2eEPLbzxZROE0A31ICcOj66iHuZpU9YhKzsAIhLMXxT8kF8110ZZzj 
8N+P1hnk j dVWuJLg77pkXxQJyvuT@e20c9r /DCHjckneen3+E661IKsYbib7sXx4g6 
20FBJs-*7xQopy69pC8jCn3fx61t7AFx2RIvuVHY/eUAsXoWkJNqQ3Vxj2SPWK j zJ 
AIIvWVxIFiQjjOtDFdGYPGukJXn62Lbb8CFgam9s4jDKnrOLHIngVeUIgi4wkvva 
QzZTzXfUApezQgQqy4x-*ogdiYF1UOa00aqvrGRiiJlMdRi0/MDy-*jzkX5cULhxkF 
vdBNCirv-*3zBaiJ5Eu6q0zP5Cxi2qXhSbehZqvTPBA4dD/vu9yxHpZmUCvzm7H213 
Tdrb9WxHOc92ZpBzsfiCA1smVwTDFVGa/kqN6noPwOqWZANIKk27/-*apsTkBYaVpa 
jpfn9eydi5eV2*pEQV08fh40JfiKbHS012E3Gp/rPm91VgmCmjBWh-*Dilk4qgF/f 
lsxWgzXNOxPntpohnM6AZDxW9Sk-BETIDLYSAWFwUg679BsJG6hQqAZKvG/8agSH2 
k* TKKYUbXbFVCB0x iuNZIwgf4qxGzvI54*Ioks*OcxuGCqwOu30QbfECEGO1QbKETn 
ic3kMiZ5Cxt7NQSuyEYAQ/AmvM4qo0x7Tw1r7tR8BCAEF6fGxd2VXIV8Tr/pXGO2 
HL*0ilHs*0b67zlTHr7wUBAtCp9LC3IIWdsr7KcSRNEMXpUIFIOetCjNgCU3iT-R 
9152150fWNGxQfaXTEyMVNaT1HpwihlisSb9QHbagaRLbYmqJ-*ILSECADYQPEWf- 
LTO1tcOhkIb6BiwVWUuOOqNj61ILJM2XvmknATyUj9MYcd77x0JzMrJES5VtaM5BVT 
oRpcOLfhYOmihceGSEqXX5golkqfLUze7z1slNWMYTTLw6tC6I-c/IUIWJnZTA4m2 
RbTQOkrfPn94zbTjrGA2HS54*Ke3ySV6Fv8MZ*s93yY1v9iB6cVPEUtelLRc*C7e7t 
1w0bQ2*MyAkjenS5Td*3tC71RA202CSfY2SaO0sRv-*EaYjTGzf9F3TM70605*VZrM 
gtIKtw2okRcjRhaKDfhui6jo46YYzWbrgOS3vzc60VcwggNnBgkqhkiG9w0BBwag 
ggNYMIIDVAIBADCCA00GCSqGSIb3DQEHATAcBgoqhkiG9wOBDAEDMAA4ECEyHXPVs 
ncxTAgIUQACCAyDSBlYeFnsa4vtKApbLnd9FENDYeYqkKmj01kDagMqHC22 /nQ9v 
gz21005FQJoaJx/WSorQtO0Jny1QP9vZd2t-*bkfoaXOROMtmFY5SOtYEudJplrCz-* 
ZEw8JlePJRPOQ31nwEiSk5NnXLRWNzurleuyZEd1VbTvi/rF22sRW1mU335L67zj 
P1sPeXkBpIYCPLHw8EArkaC8G1ko5wyrnhuqLA4ItzhvOORvgRaDflpPO9WT;j9LVUv 
FD5D59zgbO0ptaW0jIwA4JplIGXIEZIynWAKfkWy2YJvsXiuLHvN3Z8qL6VtxNGKk1s 
g340uKkUUlzmtDJqGT9RVkoYBXxN7KYesbSttONhPwdv /MxHrEo8TGHZAvbmwgft 
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hOUrc/WVtUopPEs4QgrsA8d0MrSd51VtPWOXPsBPEnLuh7dqAlmgztYl1PAYztk2/ 
JJ*E4MosmhRjbKzM2N5WuG1DC5m9KF/5JjNVwQ7e8gMeUv /3gizgCG/4Mgng0VGG 
IxGzzBoQXPWCKdT3sLQVyt4/pqPBpZYnPO9bmkkY /UTa1unNB+WWpLOkKSzD5wRv 
/2xmNO2D37DnHwTFYC51ZblKz7FGjOgCwG95VPc8NQ8aG5rqpQ-*muq/Jil5mXgNw 
IDeM4bawa01UKEzqTGQUb3gsJMGiVOhgtOrBiO9Kx/2PJolUuwZGcbo40GSVR7KH 
lLgIuC8alIQDyFURVYRCNwOw5U7JN5arkvZA4ty0/qk5UbjxQuDkF806ZdVi0310Do 
C*6zvncDx4HvUd6uQ-*u/kZfr8qfwM506D2qXhS/ZHSkq2xwIzb47uUUqaeg3y0ZJ 
++na7gC+ibtHXXnNsHUvPbpCn9qViFhzilcQZYq@tZxDKaGE/pzEP/TA41G24wEL 
GnyuUIHXBS9TOMchTx17BglycOPRDnFKzMQfUXY1rAErK76cs3y4VQDbfYDiOzsa 
1qqMApIX4i/qKFdRvDuLxtZQbVA/rNummA40L PUQ5OvEngIESA74G-* / / YObVjbMjP 
ythm7/15q5LRo9YxCS49KG1Z4NG1QMWjnfkpOCNVZVpaQ7TPGOIYZBL6kTCCBZgG 
CSqGSIb3DQEHAaCCBYkEggWFMIIFgTCCBXOGCyqGSIb3DQEMCgECOIIFLjCCBSow 
HAYKKoZIhvcNAQwBAzAOBAi0/0ICbTbZLQICFOwEggUIFwT/JI8UjJQPfYTFonJE 
o8zEbpYWXKboqw6 / zzsMGmAnUPgQNODxyuLVprs5jUc437kVB2M3F0x8DjmEppeb 
tHfIloyjoXF7jdnAA4EF38tsso0K1nMPmSg102iYZtOqsOvBpfe05Hj40vhi26J9Pz 
TwPcgl13QQPqfWv7CwgGVn4/hntBAriPSEA4gAlfAcqkxtJBm01QwDoAdsOKOMsYnt 
gWajpr1J3Hm-34NPLOAUsf10pcesPUJACBXNyLXxj jsOZD78WVVKY+N+j 89xTsyt 
z5Y@fEkFqrcl8pgBQxH72 j BwSCm5YwHz3BhWQgr2bpWJ1f2LWcVsnrN9tx6RhQtaA 
AkcyNgX/ksp5EWA4JTo*o6oXLRhXIYauRrUrisMY-*-b8ZJTp6C1tORW2QdqgMZghS 
ZgaW6FSC6Dy2Dd/ezdkYUCgiEtq8eSxF/8WDw6Va2iGVSNt4/p/0J97yN5y0J0K1 
g@hATebU+I3E74PQ9RK84F f JvyHDBC6f vYZW/ouMcgp3YmAF-*dTm74Hq88X4daV- 
/UPYf/cVpyiwcBTg6H3jrkrsOyKoWLIfrlIvMNBeeKZ-*f12bEnw1MFzkLIA4VGD/UeR 
wrbhNOSHkh51IGtuOyRTfq6msYQpkw-*jr7QwJIdQyrAoaaVaRotVyvgTOL1Hw8r6 
07v36yoNov3kDPW7DfbSVTWX51IyQn8NqMwa4AN1clWT8ukfZXSaYykFSqF3w5zal 
a4ilhu03GjDcfiWLMUlYVAUCvSmcIULE10W7FKiJc80adelu0JBySRSEvf7B3w81 
eYUs*u/h1ptrzZKhe1JdAtlszvHJODDOkMqA6Ig4yomscGSol/sRUqpeclIQwVZTC 
RRq9dJOFJKkKhKD5Eo9E0Z2snp01fpUF5q1MeBjpYgkX7jhyFyvq*qDqBAY8izvkc 
ruE69WooBVyorqKHURjWtY+rhzcB4+HL72wZKzLnY3iUj J1UANXM8mC9fpD1INJt/ 
7epqzPyZ2Kd4GJVYi8sQpFKfAtRHDrOtI5iUB78qj1EBp1w4qvRn/jC4ii7-*Bas8 
mz/AJ25QeviCA44Vj-*eT2YYXafDivrmoeBuVMIBbD066YnuBC2CeKydNWdiARzc3I 
fhcuhVwq7riotYfyDqd4e0Jy7Y57pbwv4AQwz1yCxRjSwiFQ7/fRa2Cx8xtxKcC/A 
A4LGnXAKISy-*uNbDWA7AYaP6RmGgMCaNiXy3F1zvxnE3bv68tXRF9v juEChUq56N6 
992gqhoBuHP0J /mRItw-*Jol4m/OFnEUGTS3bNyxpEFyA7aXBE91aQdSX14a97nC0 /R 
SFH/fRwPFYgxr3XdCIf3Cw5PDs25YNsXWCsDCVejWMF rwOzmDwa8sBkY270+rGv7 
6qXvb/uGD3M2C+DySVy55Zd42wj ghSezgY6taT@tqKfLOS6V1I4ELU78Q6va208M1 
cUdi343t0i6@MZgCDUWPP8T jKZINhH8u1KNhzgpwNLz1gE@dd20013bbzdZ6ui03R 
52WQWRCk17Z91UesCJavytcAi0mMefMxBPMOdnUi608TPDRAOmcohbE5rybwDXAo 
B/VUbwgM0/qCpZ7VcSKN11Uuoe9*KhoONK/gyMEvntMxGNNI8arV8UkeFollPhrt 
umvdwqbVCeN8TBj5vXo6Hu-*eKB7AVwjBk/rRHpZxnnVGXbm8HzM-*kjib2cY1dius 
VRJ/14*Q9GXuo135tQbobgcMzAmqAqZp9kDE8MBUGCSqGSIb3DQEJFDEIHgYAYgBv 
AGIwIwYJKoZIhvcNAQkVMRYEFEqzrDFTAkmcTeNueeA1YZU*iGIlMIIFkAYJKOZI 
hvcNAQcBoIIFgQSCBXOwggV5MIIFdQYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoq 
hkiG9w@BDAEDMA4ECCNi2K1bMEiBAgIUdgSCBQDLIXo04ExcyE8+4aiZIj/Wnh/SV 
VVROn7s4PGCbXt+VrOHd9YzTuUicAqIcHH62dv7NSy+fgqZG7SmVR1IodadFe+5u 
sAzXoyyhhEe2c+ToeVbr5rs+vBvQUyh6X5XTV5QVOAkwSyKGjyfdy86x1Q8cL2D2 
BM+Rpkml1cFtjgWcB46U6S6w50sG7XOKSCMI4a6rnHPVgPPdXMrj3VSPJY8bhBqED 
PVTnfSHf/wKZrIi5403F33B5jt6Cm9+9m9Fed8n+81w59rRom72CY9Xii/ULER9T 
Hwjx0Z0Q+dIm123Kauwexu0Gjii@UR8MeM/A@n7UNys+bZTulgdpWW/mDhJ+eLAT 
nhJw5ro/AWa6YVXG+t5k9LjdJ1ZmqS4bJxvBwilpEGoh@MM6Yp@dr1XM4mT /E0JM 
WD458Ngs@5CuCpwAUXGdQmgrVsFrrV@HTyHeVLDhe43 J3GI6HCWJVOeDQzzma03A 
M+IooRDkTHnJMaxUXphKTag5+f /smNYEhzV jZeIc8GFZ36eST4BNGHSXFACwLu2T 
hkzpXMmg50JAUhBYxqE /fVevLUHAJPLgz869wk8gR1UBo6ihQGrnsx7Z05IsYahE 
Yjz0NO5PVPJYMLSyMovG9i*LpzQ49gIBzPu2fdLRA1u5n505mG1Y4aJ70CJxMORY 
hWHuctHdGdpJsgiq8*1iiUwmfyCfbOZL3ePMU*-WOzkAsyn22aK8jDBLLVZ1vOZIV 
qR3G6x4QFPSk6qCMQO0E58VkMUMxYvClzTwSeEMu66eND /AKTE-*XXV / dObmSmWGk7Y 
8XrDKLKfmRdrlIeondVJv5mk12YKxBPQGeUqK5XJUa2dzH9zvfEX8iYzdt42810QC 
iXJ3qwmbT*8RoOLBt4Ky0Os2e2ZSZnjrL90040UsHIOyEf jwnWoLhKbkmun8GJxoB 
2yCzTawVQf9/qIUXaSzcp23AV6Lf1k90f79HYPW3cQJAt j fGXBVE1xVZPkfTuC3y 
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VLuf1js2ed/ctpHg9nuId/xHFH7t4HbmU3 /ZufE1GHnsRQ3kbnqA5WXerd9UzeoD 
aVDjFXGrITp8env068GXYvwWGXLL15010DuJSv1E-*1yww86SNjBYUTx0r0CJj jTk2 
7vIUhAYUEA-*J71IeifqqPDKYXnrCdUEajbfEdek30WiLR*ChEvEp48Mla6UVTLm/ 
mjziwbsxm5QlGccmz13e32RiyrfseB*RyllmzeJtydP2IHkWK7pww9yOlPKOQtZs 
661GZKqeXrWBk9QFYDX42gAy /xTfglco4K07akhp3UzTIQyTXnt-*OsOScc-*ArVm/ 
dwClm*-ZxybtOcVyadjpKWydyfAr3aTkGxX6RmHrEWr1R9BnMGPYesDs-*yeVNs10OQd 
Dhff/bQLwCLXdGLWwLe6kitUiyi8F3bdfPjR7R611EUvJrBm7YLmgdxRCJO2LFLG 
n09isMNe5vmiNaKiuzfb4Dp9dqEMhmJfdsTURagfJIyqULoe08EIIozahivbzoWV 
A6oPAKk2D8DnTiMegX4IZ/Zb3LPxJKAeXO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVz 
POmXhN53pDhlxkwObtkKblYA9CvP-kzgwekzCy/M1q/Hb038CV1NKzay3yg4nteh 
J*v9/k7gaqKmo3ZWMGk0WGBv / GFxYhmeNd14Y65D9TlypM/zrXSyGoOqZgSA6H1A 
gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIWIWYJKOZIhvcN 
AQkVMRYEFBfFhHvQp-*92kDi4s281vJK1niuUMC8wHzAHBgUrDgMCGgQUgwa f FeGU 
n9Q1rAOUCgw-KWxk-8bEECJ1vqXe6roO0FAgI0AA-- 

Soa END PKES12----—- 


6. Example Ed25519 Certification Authority 


The example Ed25519 Certification Authority has the following information: 


Name: Sample LAMPS Ed25519 Certification Authority 


6.1. Ed25519 Certification Authority Root Certificate 


This certificate is used to verify certificates issued by the example Ed25519 Certification Authority. 


=== BEGIN CERTIFICATE----- 
MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoycON3iWesrXzAFBgMrZXAwWTENMAsG 
ATUEChMESUVURjERMA8GATUECXMITEFNUFMgVOCXNTAzBgNVBAMTLFNhbXBsZSBM 
QU1QUyBFZDIT1NTESIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIWMTIXNTIx 
MzUONFoYDzIwNTIxMjE1MjEzNTQ0Wj BZMQOwCwYDVQQKEWRJRVRGMREwDwYDVQQL 
EwhMQU1QUyBXRZE1MDMGA1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydG1m 
aWNhdGlvbiBBdXRob3JpdHkwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+ 
RKE3URyp+eN2TxJDBKNCMEAwDwY DVR@TAQH / BAUWAWEB / ZAOBgNVHQ8BA f BEBAMC 
AQYwHQYDVROOBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAFAJrlWo 
QjzwTO0ph7rXe023x3GaLPMXMwQI20f-apkdG2mH9ID6PE1bu3gRRqIH5w2tyS-*xF 
Jw@ouxcJyAyXEQ4= 

Sao END CERTIFICATE----- 


6.2. Ed25519 Certification Authority Secret Key 


This secret key material is used by the example Ed25519 Certification Authority to issue new 
certificates. 


SST BEGIN PRIVATE KEY----- 
MCACAQAwBQYDK2VWBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp 
SoS END PRIVATE KEY----- 
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This secret key is the SHA-256 ([SHA]) digest of the ASCII string draft-lamps-sample-certs- 


keygen.ca.25519.seed 


6.3. Ed25519 Certification Authority Cross-Signed Certificate 


If an email client only trusts the RSA Certification Authority Root Certificate found in Section 3.1, 


they can use this intermediate CA certificate to verify any end-entity certificate issued by the 
example Ed25519 Certification Authority. 


----- BEGIN CERTIFICATE----- 

MIICvzCCAaegAwIBAgITR49T 50AgYhF5+eBYQ3ZBZIMuu j ANBgkqhkiG9w@BAQsF 
ADBVMQOwCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRZzExMC8GA1UEAxMo 
U2FtcGx1lIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFwOyMDEy 
MTUyMTM1NDRaGA8yMDUyMDkyNZzA2NTQxOFowWTENMASGA1UEChMESUVUR j ERMA8G 
ATUECXxMITEFNUFMgVOCXNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDITNTESIENI 
cnRpzm1jYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1 
SGUGfkShN1Ecqfnjdk8SQwS j fDB6MA8GA1UdEWEB /wQFMAMBAf 8wFwYDVR@gBBAw 
Dj AMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBj AdBgNVHQAEFgQUa6KV f boU 
m+QtBNEHpNGC5C5r j LUWHwYDVRO j BBgWFoAUKTCOf ACXDKf xCSh1NhpnHGh29Fkw 
DQYJKoZIhvcNAQELBQADggEBAGVOx00EzgY1RKixMcztiikxxJDbmRatipcipD15 
1n8kiBoGhsTAfNZJVoL00OQBa /WTMntL-*qcAk2itqZCNIeZeGk1U1jXBAz5tkDRAF 
f/v99LEcsZTcuIbnJqz35danQkp4/upGAhPkfx*nbci1bsVylrITwIGOpnGhz7z3m 
VCKkO3DFE3Qt4w9m1v9yuMse33nmsBGXog/XZvM2JRYOiKtOxksQqQD9uYm7MoMeH 
qQs30t7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh 
A4F5HD00hQZgP15D1bi1rg-*vskN8MSk5nuD-*6z1VsugioW0-k- 

----- END CERTIFICATE----- 


7. Carlos's Sample Certificates 


Carlos has the following information: 


Name: Carlos Turing 


Email Address: carlos@smime.example 


7.1. Carlos's Signature Verification End-Entity Certificate 


This certificate is used for verification of signatures made by Carlos. 
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SSS BEGIN CERTIFICATE----- 
MIICBzCCAbmgAwIBAgITP1A4fVCTRtAFDeA9zwYoXhR521j AFBgMrZXAwWTENMAsG 
A1UEChMESUVURj ERMA8GA1UECXMITEFNUFMgV@cxNTAZBgNVBAMTLFNhbXBsZSBM 
QU1QUyBFZDI1NTE5IENIcnRpZml j YXRpb24gQXV@aG9yaXR5MCAXDTIWMTIXxNTIx 
MzUONFoYDzIWNTIxMjET1MjEzNTQ0OWjA6MQOwCwYDVQQKEWRJRVRGMREwDwYDVQQL 
EwhMQU1QUyBXRzEWMBQGA 1UEAXMNQ2FybGO9zIFR1cmluZzAqMAUGAytlcAMhAMLO 
gDIs3mHITYRNYO+RnOedrgq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC 
MAAwWFwYDVR@gBBAwD j AMBgpghkgBZQMCAT ABMB8GA1UdEQQYMBaBFGNhcmxvc@Bz 
bWltzS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBWMEMA4GA 1 UdDwEB / WQEAwIG 
wDAdBgNVHQAEFgQUZIXjO5wdWs3mC70afwi-*xJzMhD8wHwYDVRO j BBgwFoAUa6KV 
fboUm+QtBNEHpNGC5C5r j LUWBQYDK2VwAOEAwVGQWbdy6FQIpTFsaWvG2/US2fnS 
6B+BzgCrkGQKWX1WgkT j 4MEOqL-*0cFXLr7ZQ2DQUo2iXyTAu58BR6btcCQ-- 

= = END CERTIFICATE----- 


7.2. Carlos's Signing Private Key Material 


This private key material is used by Carlos to create signatures. 


Eccc BEGIN PRIVATE KEY----- 
MC4CAQAWBQYDK2VwBCIEILvvxL741LfX+Ep3lyye3Cjr4JmONIVYhZPM4M9N1 THY 
Sete END PRIVATE KEY----- 


This secret key is the SHA-256 ([SHA]) digest of the ASCII string draft-lamps-sample-certs- 
keygen.carlos.sign.25519.seed 


7.3. Carlos's Encryption End-Entity Certificate 


This certificate is used to encrypt messages to Carlos. It contains an SMIMECapabilities extension 
to indicate that Carlos's MUA expects Elliptic Curve Diffie-Hellman (ECDH) with the HMAC-based 
Key Derivation Function (HKDF) using SHA-256, and that it uses the AES-128 key wrap algorithm, 
as indicated in [RFC8418]. 


S BEGIN CERTIFICATE----- 
MIICNDCCAeagAwIBAgITfz@Bv+b10MAT79aCh3arViNVhDAFBgMrZXAWWTENMASG 
A1UEChMESUVURj ERMA8GA1UECXMITEFNUFMgV@cxNTAZBgNVBAMTLFNhbXBsZSBM 
QU1QUyBFZDI1NTE5IENIcnRpZml j YXRpb24gQXxV@aG9yaXR5MCAXDTIWMTIXNTIx 
MzUONFoYDzIWNTIxMjET1MjEzNTQOWjA6MQOwCwYDVQQKEwRJRVRGMREwDwYDVQQL 
EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybGO9zIFR1cmluZzAqMAUGAytlbgMhACb5o 
MczTIMiddTUYTc/WymEqXw8hzm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ 
DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw 
FwYDVR@gBBAwDj AMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc@BzbWlt 
ZS51leGFtcGx 1MBMGA1UdJQQMMAoGCCSGAQUFBwMEMA4GA1UdDwWEB/wQEAwIDCDAd 
BgNVHQAEFgQUgSmg-*iOgSyCMDXgA3u3aFss0JbkwHwYDVRO j BBgwFoAUa6KVfboU 
m+QtBNEHpNGC5C5r j LUWBQYDK2VwAOEAzss75UzFuADPfd4hQdo5jyAQ3GvkyyvI 
BdBGnWtJ1eT1WuMaIMhil rH4vPGPd9scwW+sqd9fG+pv3MSh1+ZKAQ== 

SR END CERTIFICATE----- 
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7.4. Carlos's Decryption Private Key Material 


This private key material is used by Carlos to decrypt messages. 


eS BEGIN PRIVATE KEY----- 
MCACAQAwBQYDK2VUuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK 
eee END PRIVATE KEY----- 


This secret key is the SHA-256 ([SHA]) digest of the ASCII string draft-lamps-sample-certs- 
keygen.carlos.encrypt.25519.seed 


7.5. PKCS #12 Object for Carlos 


This PKCS #12 ([RFC7292]) object contains the same information as presented in Sections 6.3, 7.1, 
7.2, 73, and 7.4. 


It is locked with the simple five-letter password carlos. 
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esses BEGIN PKCS12----- 

MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH 
BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R 
pT1mkyMCAhS7gIICsGKkBmOnci9VHfqxOTWy/l1kKyQeF5bwsF/9gZrqUym1KtHZF 
a4rSJIPUctmzqVnhGmfWw9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W 
4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74A1*PDW9wdpbv2TIriLOm29fBT-*7HVS9F 
Z/95XokSwbb6mmCYeGiPpNEaoeUeuUA4zrh/k* JJqDuqNsU66130wHOCFmk3aarBV 
S3LkEeCjKFkngzMOZqiKZu8D2hEUj sGQ9ALSRn7P+hIWNFIgjvqgcCMTF8fLK1C/8 
vYGD«*HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV 
ew7/918ZY0ugyYoIWATOkecPMOTFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/O0dbkv 
AL*PAeJKAkVDREDQ6ch/6/h1qU8xHeNzdagEWYL6FxWDiHebASxIvZzqkLd7RV9m 
dL1FXst9R9G74j0s0WMMFmd9toyOhD0q6Gl19catOrolCVS/CKaCOCucsJfiKrlJ/ 
duQkt/JwcELveu0g6@u2UaGKUqHmF hd3+60mk+wNBoY+@D5MmBZ/xnrVELGmzp94 
q0f /HfZPT6sxkYBGuP2eUA/qr/zimNG3TuGVch/MdnduuVhvAYLyh1gbA8yRm*I/ 
zGCVuAqhsHITTx7Fqc3tyVp/mLYUOOQuwmgAw6NhzwKZ f 5N-tRODZGcgw8rZpeJA 
yTxVFcjzXvoShxog7RroR9Nc4FwJhWIA4BO2410HFEiQZeRk8vzI8WIFXnn6t42/q 
j1mV7Ba42zxPEGoY3m0bKwjR6rDp6KwmmfkghpwMPU3qgP2/ASV8WT1+9GIYHc5Am 
9CmSOTiQMluW70Ra2k5ZMlwnbKNyMRbjUB/yHwwwggKvBgkqhkiG9wO0BBwagggKg 
MIICnAIBADCCApUGCSqGSIb3DQEHATAcBgoqhkiG9wOBDAEDMA4ECOMzXMste/8a 
AgIUlICCAmgXa-*q2JhTLvWsj5SKLdMninTk5uB6HhOsDKYR9GDg / cABqUFXxycROG 
JeJuewIRkJhsfdXJi*TSRtnQOqpyVM9oRUdxcbGuCI98fEbLmVyr7KF8GudTgC-*b 
eaL jn6HYkWpv71WdvsFG8BEy6Jqi3/tP9PgNvpCYgVVM7yx6SX8QArcLSQkxbTsv 
Ae0iN18H89W9xOHEz4Z2qHYyb7f0pPHrmpTGC6qmtvo1gNRsKTFOwYeQ5Sy/9U3f 
oM6bIcrOvHDksaco4+5n@zeySDETY8W4m01K@uUC/t@oTOScCYGBeRhVr @DQapZGT / 
Ej5LpgjXOuosAoT3IKnMwK3C00Z80BzcvgSpeAa/V/OTKDpZb22yq6sEaHAPoUqb 
cKRJmB6HC5mdLs3n0uP1vlZuYsHu7EvtO0Uhns9pbklJDiCgM-*4SFgKTRbd6Xt8bf 
GHkWnmpv4pQL7 j jzA3epP2DHyC8MJaDv1eWY7Z3t/IEtkzVxflLo8kT21edz12cm 
uFVK9ilMW3eJuyiRyFXFPgVsuNi/HFnijXFgxzAncP7fFP5MCsOo6daiEjJjemKf 
J3D+HdD60gFih/ex9V+tGl4y7/jtxCRA/54mit4sCy3LC0++1lEp9AtFwGY rDw825 
uGj27a7mE26qgGdGXdzT9UJ8FfUsIoRPrG38Q4mhS10pTarNucWOGjkftZiKJLay 
rfMRf3HYxOI/7iupfxYLK/4/FODijaHzAfSdQf2Bo7csPaz2HQkK/0nyO-*tt68S9 
pUCjEfV6Liy22tang/jXxPFbBDK/P68MnmgR8C3PcYhPJCo/K0JR2 /8F8pVVEqd5 
MIIDPwYJKoZIhvcNAQcGoIIDMDCCAywCAQAwggMlBgkghkiG9wOBBWEwHAYKKoZI 
hvcNAQwBAzAOBAho9g8tQyYTvwICFIGAggLA43SpNCoshZX3ikmK1mOIJpS2Ah8Xv 
94S/5NA8kwHtaNXpLrjYr3CyRL93USm55uvGAtECR/Eb10N9zeo2p0gK2JPSbDr6 
/100v0o7UoZNRORBZ8pUegVWJswNWjqvzVu5JIRmpD05Xj VDKHbFqiXAqtj9/w3q0 
Qq/p/M9UrLWD93hyLNdIppWr2KR2it9mASTKEHX9dqXcTOGOKp2Gmr f GNt eGL 02 j 
qVKZaZyYI8gkSxhVLS9zzgf10ynAkzYQsoo+GKhdAW1 f JECemAyPc3L+eeARw/SY 
q1d5QVwxKfYpIJ2wiiavdeRVNbWiwV7Ti+P9PtPx/hV22NNLwWMhvnJcHaSS1Pa0i 
SjoxFJ1EJWGEsOQwcdwM8iN3oVuqT5HU/edMgx9TLNTiE1g2GEq59I/RwBtCL8Dh 
OzKnUb4PU1Z81-*HimV3KPI8g3cduhYaBRAHfqAhMnc*w5HXI6J3CT1NtAE/izZ1Y2 
0d71+GTJfjPgzIy@hjqfbMt8uU9D9IaPr2X j NOWOKRSoj ael16v8bLx+dFn6RMxFUS 
g3nLEZ6EDpyr JfpGPm6mPgZKSXtvnHuFcbS*utkRuVAtqu07r2XpkGBIJLNVIRHU 
5gLACbTj9TPcAce6RLoaYSDgOuFK0YZMdwzhsAI0YMpyHsUEZpQ5t jWSBY6ENbVvF 
7*QhmDnf6N3Bj-*vxUtGS40pVsYCGbmOD7UMSQpUxIgVkpPrfRokOZs/fi9sW*-Xy6 
eQ2Brbn3t9C2TAsORYzFbuBwuTCqFW/rXHS6iffJpx2eAg3DCqaUAJjptSV/yzj4 
vxiX1DB3fMRcpNd5Je7DoHS4axuj7SLHdpNoUHs*qQsG6yDM5BEuXWGxo/L9sGhe 
XQrUnkZ4m4g01sfgTOfDNurXx/oP0ym*-B50q6nLUWvOtYZpmCVil358dIEGPPSMY 
AMXh85tIPFdYSJ3WLsOcxy5XAsXZ15w16Pzeb9SF5topqRUb5PDTfVr2bQUMwTbp 
99FcOQf6cg8HXyT*8b4qKp9Wy jCBxAYJKoZIhvcNAQcBoIG2BIGzMIGwMIGtBgsq 
hkiG9wOBDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAgNhfODEdzSrQICFFOEOCEq 
FielpeicS90SXNQjLwbN3k081YM2HqeSZoEKJ4JSF1V1kWW3xwfu5aZKrGEYBfGM 
d8renRijMUIwGwYJKoZIhvcNAQkUMQAeDAB j AGEAcgBsAG8AczAj BgkqhkiG9w@B 
CRUxFgQUgSmg*iOgSyCMDXgA3u3aFss0JbkwgcQGCSqGSIb3DQEHAaCBtgSBszCB 
sDCBrQYLKoZIhvcNAQwKAQKgWj BYMBwGCiqGSIb3DQEMAQMwDgQINFcqIEMfd9UC 
AhS1BDgZruEsSaBY-*Cm9WKR8HhH3 JXh* AoMSrwkDCKytWt-- MNIXBO0jY2QZHDbN3u 
Fn7qHw86MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwY J 
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KoZIhvcNAQkVMRYEFGSFAzucHVrN5gu6Gn81IvsSczIQ/MC8WHzAHBgUrDgMCGgQU 
8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA-- 
=o END PKCS12----- 


8. Dana's Sample Certificates 


Dana has the following information: 


Name: Dana Hopper 


Email Address: dna@smime.example 


8.1. Dana's Signature Verification End-Entity Certificate 


This certificate is used for verification of signatures made by Dana. 


See BEGIN CERTIFICATE----- 
MIICAzCCAbWgAWIBAgITaWZI-hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG 
A1UEChMESUVURj ERMA8GA1UECXMITEFNUFMgV@cxNTAZBgNVBAMTLFNhbXBsZSBM 
QU1QUyBFZDIT1NTESIENlcnRpZmljYXRpb24gQXV0aG9yaXRS5MCAXDTIWMTIXxNTIx 
MzUONFoYDzIWNTIxMjET1MjEzNTQ0OWjAA4MQOwCwYDVQQKEwWRJRVRGMREwDwYDVQQL 
EwhMQU1QUyBXRzEUMBIGA1UEAXMLRGFuYSBIbS3BWZXIWKjAFBgMrZXADIQCy2h3h 
hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA 
MBcGA1UdIAQQMAAwDAYKYIZIAWUDAgEWATAdBgNVHREEF j AUgRJKYW5HQHNtaW11 
LmV4YW1wbGUwEwYDVR@1BAwwCgY IKwY BBQUHAWQwDg YDVR@PAQH / BAQDAgbAMBOG 
A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLd1jAfBgNVHSMEGDAWgBRropV9uhSb 
5COE0QekO8YLkLmuMtTAFBgMrZXADQQDpORBZitzXGYUj xnoKVLIcWL5xner97it5 
VKxEf8bE7AeAp96POPEu//2jXnh4qAT40ymWOwrqxU1NT8WW/dSgC 

=-= END CERTIFICATE----- 


8.2. Dana's Signing Private Key Material 


This private key material is used by Dana to create signatures. 


SSS BEGIN PRIVATE KEY----- 
MC4CAQAWBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4Nn 
= = i= END PRIVATE KEY----- 


This secret key is the SHA-256 ([SHA]) digest of the ASCII string draft-lamps-sample-certs- 
keygen.dana.sign.25519.seed 


8.3. Dana's Encryption End-Entity Certificate 


This certificate is used to encrypt messages to Dana. It contains an SMIMECapabilities extension 
to indicate that Dana's MUA expects ECDH with HKDF using SHA-256, and that it uses the AES-128 
key wrap algorithm, as indicated in [RFC8418]. 
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SaaS BEGIN CERTIFICATE----- 
MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG 
ATUEChMESUVUR j ERMA8GA1UECXMITEFNUFMgV@cxNTAZBgNVBAMTLFNhbXBsZSBM 
QU1QUyBFZDIT1NTESIENlcnRpZmljYXRpb24gQXV0aG9yaXRS5MCAXDTIWMTIXNTIx 
MzUONFoYDzIWNTIxMjE1MjEzNTQOWjA4MQOwCwYDVQQKEWRJRVRGMREwDwYDVQQL 
EwhMQU1QUyBXRzEUMBIGA1UEAXMLRGFuYSBIbS3BWwWZXIWKjAFBgMrZWADIQDgMaI2 
AWKU9LG8CvaRHgDSEY9d72Y8bENZeMwibPugkVKOB2zCB2DArBgkqhkiG9wOBCQ8E 
HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAF 1AWQBBTAMBgNVHRMBAf8EA j AAMBcG 
A1UdIAQQMAAWDAYKYIZIAWUDAgEWATAdBgNVHREEF j AUgRJKYW5hQHNtaW11LmVA 
YW1wbGUwEwYDVR@1BAwwCgY IKwY BBQUHAWQwDg YDVROPAQH /BAQDAgMIMBO0GA1Ud 
DgQWBBSd303UBe-*a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5COE 
OQek0YLkLmuMtTAFBgMrZXADQQD6f7DCCxXzpnY3BwmrIuf /SNOSf / /Otri7USkd 
9GF+VthGS+9KJ4HTBCh@ZGUHIU9EgnfgdSL1UR3WUkL7tv8A 

FODDE END CERTIFICATE----- 


8.4. Dana's Decryption Private Key Material 


This private key material is used by Dana to decrypt messages. 


2 BEGIN PRIVATE KEY----- 
MCACAQAWBQYDK2VuBCIEIGXZt8L71Y480Eq4gs/smQ4weDhRNM1YHG21StivPfz3 
Sot END PRIVATE KEY----- 


This seed is the SHA-256 ([SHA]) digest of the ASCII string draft-lamps-sample-certs- 
keygen.dana.encrypt.25519.seed 


8.5. PKCS #12 Object for Dana 


This PKCS #12 ([RFC7292]) object contains the same information as presented in Sections 6.3, 8.1, 
8.2, 8.3, and 8.4. 


It is locked with the simple four-letter password dana. 
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s= BEGIN PKCS12----- 

MIIKtgIBAzCCCnAGCSqGSIb3DQEHAaCCCm8bEggprMIIKZzCCAu8GCSqGSIb3DQEH 
BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH 
TA2APxOCAhQXgIICqK-*HFHF6dF5qwl1WM6MRCXw11VKrcYBff65iLABPyGvWENnVM 
TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k 
WaBHTA6LNm1/NKkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WPAZO 
aYDvSDOLiEzerDP10BgjYahcNL jv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI-* 
8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFTA4oyflapNJozGg9qwGi 
PWVtEy3QDNvAs3bDfiNQOqAf JOEHv2z3Ran7sYuz3vEOFnPfA810WbazlydjBOP/B 
0Q+s6VLbsAosnZq9jv2ZVrCDaDA1/g70D7fY8qmaC602q5/Z3KusfMt+r9En2v81 
H2vjgrpxnDIXjYuLZdrnNE/slRtqadOGR/WQ358RG*yUmRUbHYHGnk jn9fOGLasI 
ZUV0eaowivcWyF/kR7QV3VVexgqJMX6k1vzSXRoJ/tnA-*1/WPWy1mCJe1jGOgYqSV 
txtVB61Qmc2XPA48F7wyaQZvdAU9zfe11/tHAaKKJWBpE11IuAEkGtIP6ozYJBFjH 
I11tBA8fijTnug*S40vSgj tsRV/-*kSEiWAF-*pwE8RuTYfUu7q*EwOLYdLgkH50yE 
snOb62UFpR/E1D9exWzohrFbIdUCbjtssXucruAqPNhW/abTOzicWub5nvf-*Pniow 
2VxvhwoGt5jZ+lkaR5Z+1/GpbMgq47EUyGCgKv+5GAcJxUxINZqLbACJ/MhLfYPB 
eJrXz8f5Cigm1wZLisYCqnuc8cGCXjNqNkUlqtzodM8xv4gcgT/zILxmJTZP2q4n 
YAAyBQx5/n2G2dZC*pf 3kAfbXcpOMIICpwYJKoZIhvcNAQcGoIICmDCCApQCAQAw 
ggKNBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAZzAOBAj xuoiaSZDbnwICFH-*AggJg 
k2hcNYtO0-*15uLqXdiNhr5QO0JkYcrHdoOwR6G5AgLmwI-*TYi*P8EZUjDIJATJ3b4 
6xv7*3pT8cbEFf6PXcfS8/sCfM7FaV3SpLACLZbBJV520KE0CAgALZOLuIz5mGVU 
tWI2h1x587KeIv5GRPIxumDebT3Gmkkp9Qoi55hjTgn6801SgDaJF805wnfODhkS 
0110a3x90wkJSN1AXfmBf j33KnT8DcAbTfAZy1S5o1zCtaEqnct2UrbAPeO3L f HB 
ErBsvY8HE4D7qh6P5f tXHQHAx/b3hbU8jQP1tRON90h0SiLi//ebCeGXWQRdV jL5 
*VQrhlQF5d4Kz9Zx790C36g7C2BxCQomur/F9TT12NPzPpaEGGo61jB6myAHnYw9 
rCxbSxBvbtEtlgJnxxb1Y5Q4ukgy jzK6431Bwq2*iNLOvGc902c 5ELUPUOzGeLBZ 
tXWvdX27a0HjusPfDZ170C5zHiYs1FU6Tkn9Aotc42403d2IRTTcYnnjs1VSilSr 
A4bRyB8zBAQmdQrniBW--7eJm3m/EOUOYyOnoUT169m8KNJrmSspMvKS6pyiYHRAI 
BvAIkRIjvdtQvJdQJ-*Uyr-*HH5daE6go1W1917b2bXj /A1mvXYkJY6W8xOkm1RYhH 
QUZphW1vNcrHKo46Unk48Qc/5J5tI+6UDTXFr//V34vcpQ2ktp@MAK11 rBH549ef 
CsGQTGoq8XHPhksehEEMRmOJDeKTVkKx8xNhbwb395yFCIxfF2NHeDLXP+JyW+nH 
Iy2fnBDlyTiPF7YXyGiPjPAgK8LS8GUE-*Zq2rWqrGNkwggM/BgkqhkiG9w0BBwag 
ggMwMIIDLAIBADCCAyUGCSqGSIb3DQEHATAcBgoqhkiG9wOBDAEDMAAECOf J / s3Y 
f5bgAgIUnYCCAvi4NaYPA4lpAtuXtEO2Zqgl9aLFwsj9B/rikBo601ZR/lsryJAPJ 
VGYy6NyBPjG67g1JVMYil3Hge*j66FXKXD /AaiMVD21Zmf rH935S14ZUKS9tpTJL 
QDw3ejpDEDqJUFJZJ/ybgpRAKoNjhcE3B7F7*WMIS8Pr70M1Fbw7ytUCAjOf18sIW 
prUA8f809dLiGgiWyjE5HMzSXEib5IMRpq5x4028pBrT8rVYgoQSSyVkfHtU7LDi 
Bm68RfBgE17jIqLdrt2kKxHC3/1C4xXQgFNXeQ056aRp8Yu4VpoRwraVLUO3t Jk 
pf1zF fmUei/JtiFlC6uf@PvC2B5h6kAZocE11LxGIDFH7 fTd6dzP7qTDbUQ+uEk3 
qsgktT2pcoVnxTanvQmTCEZM9ZKCX5/z7Gkm+z831GLDDU90NyRSrxHrRBIvgH4w 
3aGH1v6k f YOWwwwaghQOQIZFyzGVRKXsP7As1L+n4ti831TxqSUZX2qy9Lpl4Tjp 
5A/NLMKo3uqmHF1TLnnYUqoppe88FNY8T/LXnHpOKTkuXFmdKJtp1 /ydqh18jBk7 
nfLcQFdf1R/5okysblRtaMujlhelymT7MoM8u5C8ceI07uWX8NI5B/IB-*Yn2BvzZ 
9LXoSia/wHjTu7UK61007WOq9qTYe1ilx*HsmJaOC6hpaQh6b33VWDrHJb17c/4Z 
tvQ9qAzqkqIhFWMRXNK-*32jFVAgXrD8U1QHW2ip5s7W/XtmlAegrhG1nSQgJezY1 
OnE/t2PDWuPeW94kR0uv1fNsh6plLyZYf /BaqhoGCHsa/ipD86viVSZDgJ8ASVLF 
eLUK3HYFMhJ+MLEZZJf f YZAOnbYoyNPNcOvc7dpbk*ZMnl1b5bDFcMCpm7-fWO;jsC 
nsNNL9nqQ1NHHCJRKGuxO5rujftbPM7R3GLT9d/u5e9YY5cXORiDLxomFff1j2Yh 
uRoyX-8WzESt981/KmAraWKXnxOP1FEWaj tNCrnGCezDK03xEHTQhECpg+z704mj 
MjN6MIHABgkqhkiG9wOBBwGggblEga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAc 
BgoqhkiG9wOBDAEDMA4ECL2Bz 1 vW*YZkAgIUugQAYOyE jke53NDvCFROciUHZ7re 
f9/wPx5TgV3qzGhfRAbP2rdpiOt9hAHVK5cmUAR7-*wjAJiYdLUQxPj AXBgkqhkiG 
9wOBCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEF J3f TdQF75rsYIa8J20E 
6c5a3I«-kMIHABgkqhkiG9wO0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFow 
WDAcBgoqhkiG9wOBDAEDMAA4ECFw78Uk8K64uAgIU-*gQ4id0jRb3JyEM5fdpaeQR- 
YEeMn*Y5KavplVD5HtgQQY9hhppbQqG4af7KY*MT6xus6oNEQeJAE5wxP j AXBgkq 
hkiG9wOBCRQxChA4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z 
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zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8bECC5D 
kkz12M1tAgIoAA-- 
----- END PKCS12----- 


9. Security Considerations 


The keys presented in this document should be considered compromised and insecure, because 
the secret key material is published and therefore not secret. 


Any application that maintains a deny list of invalid key material should include these keys in its 


list. 


10. IANA Considerations 


This document has no IANA actions. 
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